Analysis Report e92b274943f4a3a557881ee0dd57772d.exe

Overview

General Information

Sample Name: e92b274943f4a3a557881ee0dd57772d.exe
Analysis ID: 356808
MD5: 1f2b71c462d73dcdcc69a707a18c38d6
SHA1: 98957c96b7c2dd066b6c5108f8ded53983427472
SHA256: c6e001729b8abc3d321756d6964e1a84148f19004f03606953ebba32081f4c75
Tags: exe, NanoCore, RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT
.NET source code contains potential unpacker
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • e92b274943f4a3a557881ee0dd57772d.exe (PID: 5900 cmdline: 'C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe' MD5: 1F2B71C462D73DCDCC69A707A18C38D6)
    • e92b274943f4a3a557881ee0dd57772d.exe (PID: 6108 cmdline: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe MD5: 1F2B71C462D73DCDCC69A707A18C38D6)
      • schtasks.exe (PID: 2336 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 4012 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 2880 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp266B.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 4860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 6296 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: 1F2B71C462D73DCDCC69A707A18C38D6)
    • dhcpmon.exe (PID: 6468 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: 1F2B71C462D73DCDCC69A707A18C38D6)
  • dhcpmon.exe (PID: 6720 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 1F2B71C462D73DCDCC69A707A18C38D6)
    • dhcpmon.exe (PID: 7024 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: 1F2B71C462D73DCDCC69A707A18C38D6)
    • backgroundTaskHost.exe (PID: 7024 cmdline: 'C:\Windows\system32\backgroundTaskHost.exe' -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca MD5: B7FC4A29431D4F795BBAB1FB182B759A)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "94----", "Group": "V-HASH", "Domain1": "cloudhost.myfirewall.org", "Domain2": "cloudhost.myfirewall.org", "Port": 5654, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "cloudhost.myfirewall.org", "BackupDNSServer": "cloudhost.myfirewall.org", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      <Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000C.00000002.289277143.0000000002BF1000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
00000014.00000002.310042790.00000000033F1000.00000004.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000009.00000002.275177741.0000000002FB1000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
12.2.dhcpmon.exe.400000.0.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
  • 0x1018d:$x1: NanoCore.ClientPluginHost
  • 0x101ca:$x2: IClientNetworkHost
  • 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
12.2.dhcpmon.exe.400000.0.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth |
  • 0xff05:$x1: NanoCore Client.exe
  • 0x1018d:$x2: NanoCore.ClientPluginHost
  • 0x117c6:$s1: PluginCommand
  • 0x117ba:$s2: FileCommand
  • 0x1266b:$s3: PipeExists
  • 0x18422:$s4: PipeCreated
  • 0x101b7:$s5: IClientLoggingHost
12.2.dhcpmon.exe.400000.0.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security |
12.2.dhcpmon.exe.400000.0.unpack | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net> |
  • 0xfef5:$a: NanoCore
  • 0xff05:$a: NanoCore
  • 0x10139:$a: NanoCore
  • 0x1014d:$a: NanoCore
  • 0x1018d:$a: NanoCore
  • 0xff54:$b: ClientPlugin
  • 0x10156:$b: ClientPlugin
  • 0x10196:$b: ClientPlugin
  • 0x1007b:$c: ProjectData
  • 0x10a82:$d: DESCrypto
  • 0x1844e:$e: KeepAlive
  • 0x1643c:$g: LogClientMessage
  • 0x12637:$i: get_Connected
  • 0x10db8:$j: #=q
  • 0x10de8:$j: #=q
  • 0x10e04:$j: #=q
  • 0x10e34:$j: #=q
  • 0x10e50:$j: #=q
  • 0x10e6c:$j: #=q
  • 0x10e9c:$j: #=q
  • 0x10eb8:$j: #=q
12.2.dhcpmon.exe.3c430dd.6.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth |
  • 0xb184:$x1: NanoCore.ClientPluginHost
  • 0x241a0:$x1: NanoCore.ClientPluginHost
  • 0xb1b1:$x2: IClientNetworkHost
  • 0x241cd:$x2: IClientNetworkHost

Sigma Overview

System Summary:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, ProcessId: 6108, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
Sigma detected: Scheduled temp file as task from temp location
Source: Process started, Author: Joe Security, Data: Command: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp', CommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp', CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, ParentImage: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, ParentProcessId: 6108, ProcessCommandLine: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp', ProcessId: 2336

Signature Overview

AV Detection:

Found malware configuration
Source: 0000000C.00000002.289384974.0000000003BF1000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore (same configuration as listed under "Malware Configuration" above)
Multi AV Scanner detection for dropped file
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, ReversingLabs: Detection: 10%
Yara detected Nanocore RAT
Source: 20.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 12.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7

Compliance:

Uses 32bit PE files
Source: e92b274943f4a3a557881ee0dd57772d.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Uses new MSVCR Dlls
Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: e92b274943f4a3a557881ee0dd57772d.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.500217236.0000000000955000.00000004.00000040.sdmp
Source: Binary string: mscorrc.pdb source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.257690003.0000000006680000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.279859695.00000000066E0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.281624150.0000000006B30000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.296987366.00000000077D0000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04CEEA41
Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04CEEA50
Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 9_2_02C0EA41
Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 9_2_02C0EA50
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 10_2_0304EA41
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 10_2_0304EA50

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: cloudhost.myfirewall.org
Source: global traffic, TCP traffic: 192.168.2.5:49717 -> 79.134.225.105:5654
Source: Joe Sandbox View, IP Address: 79.134.225.105
Source: Joe Sandbox View, ASN Name: FINK-TELECOM-SERVICESCH
Source: unknown, DNS traffic detected: queries for: cloudhost.myfirewall.org
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000003.233717864.000000000503E000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comporH
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.255551391.0000000005110000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.278284760.0000000005590000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.279293564.00000000059E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.294768587.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.255551391.0000000005110000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.278284760.0000000005590000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.279293564.00000000059E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.294768587.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000003.234803629.0000000005029000.00000004.00000001.sdmpString found in binary or memory: http://www.sandoll.co.krnta
              Source: dhcpmon.exe, 00000010.00000002.294768587.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.255551391.0000000005110000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.278284760.0000000005590000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.279293564.00000000059E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.294768587.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.255551391.0000000005110000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.278284760.0000000005590000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.279293564.00000000059E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.294768587.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.255551391.0000000005110000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.278284760.0000000005590000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.279293564.00000000059E0000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.294768587.0000000004F30000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.251261755.0000000000B3B000.00000004.00000020.sdmp; Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp; Binary or memory string: RegisterRawInputDevices

              E-Banking Fraud:

              Yara detected Nanocore RAT

              System Summary:

              Malicious sample detected (through community Yara rule)
              Source: 0000000C.00000002.289384974.0000000003BF1000.00000004.00000001.sdmp, type: MEMORY; Matched rule: NanoCore; Author: Kevin Breen <kevin@techanarchy.net>
              Source: 00000002.00000002.499071538.0000000000402000.00000040.00000001.sdmp, type: MEMORY; Matched rule: Detetcs the Nanocore RAT; Author: Florian Roth
              .NET source code contains very large strings
              Source: e92b274943f4a3a557881ee0dd57772d.exe, frmRazor.cs; Long String: Length: 13656
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameAsyncState.dllF vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000000.232516682.0000000000536000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameFilters.exe< vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.259065727.0000000006840000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.251261755.0000000000B3B000.00000004.00000020.sdmp, Binary or memory string: OriginalFilenamemscorwks.dllT vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.257690003.0000000006680000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.504705166.0000000002AC1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameClientPlugin.dll4 vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.500021122.0000000000516000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameFilters.exe< vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.275177741.0000000002FB1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameAsyncState.dllF vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000000.260411701.0000000000936000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameFilters.exe< vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.279859695.00000000066E0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.280111887.0000000006880000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.287796822.00000000008C6000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameFilters.exe< vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.291214663.00000000051A0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameuser32j% vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameClientPlugin.dll4 vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameLzma#.dll4 vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, Binary or memory string: OriginalFilenameFilters.exe< vs e92b274943f4a3a557881ee0dd57772d.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
              Source: 0000000C.00000002.289384974.0000000003BF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 00000002.00000002.499071538.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 00000002.00000002.499071538.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0000000B.00000002.287315536.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0000000B.00000002.287315536.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 00000014.00000002.304832264.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 00000014.00000002.304832264.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 00000010.00000002.293020224.0000000003A01000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 00000010.00000002.293020224.0000000003A01000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 00000000.00000002.252610124.0000000003BA1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 00000000.00000002.252610124.0000000003BA1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 00000014.00000002.310443660.00000000043F1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0000000A.00000002.276093432.00000000043B1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0000000A.00000002.276093432.00000000043B1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0000000C.00000002.287530922.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0000000C.00000002.287530922.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 00000009.00000002.275575320.0000000003FB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 00000009.00000002.275575320.0000000003FB1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: Process Memory Space: e92b274943f4a3a557881ee0dd57772d.exe PID: 6108, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: Process Memory Space: e92b274943f4a3a557881ee0dd57772d.exe PID: 6108, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: Process Memory Space: dhcpmon.exe PID: 7024, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: Process Memory Space: dhcpmon.exe PID: 7024, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: Process Memory Space: e92b274943f4a3a557881ee0dd57772d.exe PID: 6460, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: Process Memory Space: e92b274943f4a3a557881ee0dd57772d.exe PID: 6460, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: Process Memory Space: dhcpmon.exe PID: 6468, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: Process Memory Space: dhcpmon.exe PID: 6468, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 12.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 12.2.dhcpmon.exe.3c430dd.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.3c430dd.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 20.2.dhcpmon.exe.44430dd.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.44430dd.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 12.2.dhcpmon.exe.3c39c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.3c39c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 12.2.dhcpmon.exe.3c39c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f430dd.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f430dd.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4260830.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4260830.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4260830.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 12.2.dhcpmon.exe.2c13ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.2c13ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 10.2.dhcpmon.exe.4660830.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 10.2.dhcpmon.exe.4660830.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 10.2.dhcpmon.exe.4660830.3.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 20.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 20.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.2ad1338.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.2ad1338.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 10.2.dhcpmon.exe.4660830.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 10.2.dhcpmon.exe.4660830.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 10.2.dhcpmon.exe.4660830.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 20.2.dhcpmon.exe.443eab4.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.443eab4.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.2f13acc.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.2f13acc.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3d04760.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3d04760.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3e50830.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3e50830.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3e50830.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4114760.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4114760.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f3eab4.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f3eab4.6.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.2f01794.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.2f01794.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 16.2.dhcpmon.exe.3bbe580.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 16.2.dhcpmon.exe.3bbe580.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 16.2.dhcpmon.exe.3b64760.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 16.2.dhcpmon.exe.3b64760.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3d5e580.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3d5e580.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4260830.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4260830.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.4260830.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 16.2.dhcpmon.exe.3cb0830.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 16.2.dhcpmon.exe.3cb0830.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 16.2.dhcpmon.exe.3cb0830.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3e50830.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3e50830.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.3e50830.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f39c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f39c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f39c7e.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 12.2.dhcpmon.exe.3c3eab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.3c3eab4.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 20.2.dhcpmon.exe.443eab4.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.443eab4.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 16.2.dhcpmon.exe.3cb0830.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 16.2.dhcpmon.exe.3cb0830.2.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 16.2.dhcpmon.exe.3cb0830.2.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 10.2.dhcpmon.exe.4514760.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 10.2.dhcpmon.exe.4514760.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 20.2.dhcpmon.exe.4439c7e.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.4439c7e.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 20.2.dhcpmon.exe.4439c7e.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 20.2.dhcpmon.exe.3413ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.3413ac8.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 20.2.dhcpmon.exe.34017ac.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 20.2.dhcpmon.exe.34017ac.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f3eab4.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.3f3eab4.6.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 12.2.dhcpmon.exe.2c017ac.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.2c017ac.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 12.2.dhcpmon.exe.3c3eab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 12.2.dhcpmon.exe.3c3eab4.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.416e580.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.416e580.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: 10.2.dhcpmon.exe.456e580.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
              Source: 10.2.dhcpmon.exe.456e580.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
              Source: e92b274943f4a3a557881ee0dd57772d.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: dhcpmon.exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
              Source: e92b274943f4a3a557881ee0dd57772d.exe, frmRazor.csBase64 encoded string
              Source: 0.0.e92b274943f4a3a557881ee0dd57772d.exe.4c0000.0.unpack, frmRazor.csBase64 encoded string
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.4c0000.0.unpack, frmRazor.csBase64 encoded string
              Source: dhcpmon.exe.2.dr, frmRazor.csBase64 encoded string
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.4a0000.1.unpack, frmRazor.csBase64 encoded string
              Source: 2.0.e92b274943f4a3a557881ee0dd57772d.exe.4a0000.0.unpack, frmRazor.csBase64 encoded string
              Source: 9.0.e92b274943f4a3a557881ee0dd57772d.exe.8c0000.0.unpack, frmRazor.csBase64 encoded string
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.8c0000.0.unpack, frmRazor.csBase64 encoded string
              Source: 10.0.dhcpmon.exe.d10000.0.unpack, frmRazor.csBase64 encoded string
              Source: 10.2.dhcpmon.exe.d10000.0.unpack, frmRazor.csBase64 encoded string
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.850000.1.unpack, frmRazor.csBase64 encoded string
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Security.Principal.WindowsIdentity System.Security.Principal.WindowsIdentity::GetCurrent()
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csSecurity API names: System.Boolean System.Security.Principal.WindowsPrincipal::IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: classification engineClassification label: mal100.troj.evad.winEXE@19/8@22/2
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeFile created: C:\Program Files (x86)\DHCP Monitor
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\e92b274943f4a3a557881ee0dd57772d.exe.log
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4860:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4012:120:WilError_01
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{d1470c94-c693-4be3-b7c3-884d57fb2b86}
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeFile created: C:\Users\user\AppData\Local\Temp\tmp22EF.tmp
              Source: e92b274943f4a3a557881ee0dd57772d.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeFile read: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
              Source: unknownProcess created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe 'C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe'
              Source: unknownProcess created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
              Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp'
              Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp266B.tmp'
              Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe 0
              Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
              Source: unknownProcess created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
              Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
              Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
              Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
              Source: unknownProcess created: C:\Windows\System32\backgroundTaskHost.exe 'C:\Windows\system32\backgroundTaskHost.exe' -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp'
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp266B.tmp'
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
              Source: e92b274943f4a3a557881ee0dd57772d.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
              Source: e92b274943f4a3a557881ee0dd57772d.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.500217236.0000000000955000.00000004.00000040.sdmp
              Source: Binary string: mscorrc.pdb source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.257690003.0000000006680000.00000002.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.279859695.00000000066E0000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.281624150.0000000006B30000.00000002.00000001.sdmp, dhcpmon.exe, 00000010.00000002.296987366.00000000077D0000.00000002.00000001.sdmp

              Data Obfuscation:

              .NET source code contains potential unpacker
              Source: e92b274943f4a3a557881ee0dd57772d.exe, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 0.0.e92b274943f4a3a557881ee0dd57772d.exe.4c0000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.4c0000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: dhcpmon.exe.2.dr, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.4a0000.1.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 2.0.e92b274943f4a3a557881ee0dd57772d.exe.4a0000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 9.0.e92b274943f4a3a557881ee0dd57772d.exe.8c0000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.8c0000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 10.0.dhcpmon.exe.d10000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 10.2.dhcpmon.exe.d10000.0.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.850000.1.unpack, BoundHandle.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_00B02CE2 push cs; ret 0_2_00B02D02
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_00B02C59 push es; ret 0_2_00B02C5A
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_00B02C88 push cs; ret 0_2_00B02D02
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_00B166EA pushad ; ret 0_2_00B166F1
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_00B17313 push eax; ret 0_2_00B1731D
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_04CE48A8 push edi; retf 0004h0_2_04CE48AA
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_04CE8829 push edi; retf 0_2_04CE882A
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_04CEB152 push es; iretd 0_2_04CEB153
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_04CEB685 pushfd ; retf 0_2_04CEB686
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_04CE3A20 push edx; retf 0004h0_2_04CE3A22
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 0_2_04CE0398 pushfd ; retf 0004h0_2_04CE0399
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00CF2A44 pushad ; iretd 2_2_00CF2A49
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00CF2840 push CC720541h; iretd 2_2_00CF28A9
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00CF2BEC push cs; ret 2_2_00CF2BEA
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00CF27FC push CC720541h; iretd 2_2_00CF28A9
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00CF2BBD push cs; ret 2_2_00CF2BEA
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00D074B8 push ebp; ret 2_2_00D074B9
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00D074AC push ecx; ret 2_2_00D074AD
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00D09D74 push eax; retf 2_2_00D09D75
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 2_2_00D09D78 pushad ; retf 2_2_00D09D79
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 9_2_02C0B685 pushfd ; retf 9_2_02C0B686
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 9_2_02C08829 push edi; retf 9_2_02C0882A
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeCode function: 9_2_02C0B152 push es; iretd 9_2_02C0B153
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_01572C94 push cs; ret 10_2_01572D0E
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_01572C65 push es; ret 10_2_01572C66
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_01572CEE push cs; ret 10_2_01572D0E
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_0158731C push eax; ret 10_2_0158731D
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_015866E6 pushad ; ret 10_2_015866F1
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_0304B685 pushfd ; retf 10_2_0304B686
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_0304B152 push es; iretd 10_2_0304B153
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_03048829 push edi; retf 10_2_0304882A
              Source: initial sample Static PE information: section name: .text entropy: 7.64910376893
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
              Source: 2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
              Source: 11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

              Boot Survival:

              Uses schtasks.exe or at.exe to add and modify task schedules
              Source: unknown Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp'

              Hooking and other Techniques for Hiding and Protection:

              Hides that the sample has been downloaded from the Internet (zone.identifier)
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe File opened: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe:Zone.Identifier read attributes | delete
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion:

              Yara detected AntiVM_3
              Source: Yara match File source: 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000009.00000002.275177741.0000000002FB1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000000.00000002.252271147.0000000002BA1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 00000010.00000002.292697027.0000000002A01000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: 0000000A.00000002.275574869.00000000033B1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: e92b274943f4a3a557881ee0dd57772d.exe PID: 6200, type: MEMORY
              Source: Yara match File source: Process Memory Space: dhcpmon.exe PID: 6296, type: MEMORY
              Source: Yara match File source: Process Memory Space: dhcpmon.exe PID: 6720, type: MEMORY
              Source: Yara match File source: Process Memory Space: e92b274943f4a3a557881ee0dd57772d.exe PID: 5900, type: MEMORY
              Source: Yara match File source: 9.2.e92b274943f4a3a557881ee0dd57772d.exe.2fc3ed0.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 10.2.dhcpmon.exe.33c3ed0.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 16.2.dhcpmon.exe.2a141d0.1.raw.unpack, type: UNPACKEDPE
              Source: Yara match File source: 0.2.e92b274943f4a3a557881ee0dd57772d.exe.2bb41d0.1.raw.unpack, type: UNPACKEDPE
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, e92b274943f4a3a557881ee0dd57772d.exe, 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Thread delayed: delay time: 922337203685477
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Window / User API: foregroundWindowGot 907
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 5976 Thread sleep time: -100188s >= -30000s
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 5724 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 5904 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 4644 Thread sleep time: -200000s >= -30000s
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 6204 Thread sleep time: -104756s >= -30000s
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 6316 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6300 Thread sleep time: -104946s >= -30000s
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6336 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe TID: 6516 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6548 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6724 Thread sleep time: -99836s >= -30000s
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6828 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 7072 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp Binary or memory string: vmware
              Source: dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
              Source: dhcpmon.exe, 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion:

              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Memory written: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe base: 400000 value starts with: 4D5A
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Process created: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp'
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp266B.tmp'
              Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.506318465.0000000002C3A000.00000004.00000001.sdmp Binary or memory string: Program ManagerH
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.505259041.0000000002B4E000.00000004.00000001.sdmp Binary or memory string: Program Manager
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.502322679.0000000001230000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.502322679.0000000001230000.00000002.00000001.sdmp Binary or memory string: Progman
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.502322679.0000000001230000.00000002.00000001.sdmp Binary or memory string: SProgram Managerl
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.502322679.0000000001230000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd,
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.502322679.0000000001230000.00000002.00000001.sdmp Binary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              Yara detected Nanocore RAT

              Remote Access Functionality:

              Detected Nanocore Rat
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 00000002.00000002.504705166.0000000002AC1000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
              Source: e92b274943f4a3a557881ee0dd57772d.exe, 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
              Source: dhcpmon.exe, 0000000C.00000002.289277143.0000000002BF1000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
              Source: dhcpmon.exe, 00000014.00000002.310328502.0000000003410000.00000004.00000001.sdmp; String found in binary or memory: NanoCore.ClientPluginHost
              Yara detected Nanocore RAT

              MITRE ATT&CK Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Scheduled Task/Job 1 | Scheduled Task/Job 1 | Process Injection 112 | Masquerading 2 | Input Capture 21 | Security Software Discovery 21 | Remote Services | Input Capture 21 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Scheduled Task/Job 1 | Virtualization/Sandbox Evasion 2 | LSASS Memory | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Archive Collected Data 11 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools 1 | Security Account Manager | Process Discovery 2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 112 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | System Information Discovery 12 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 11 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Hidden Files and Directories 1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 31 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 13 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

              Behavior Graph

              [Behavior graph: ID 356808; sample e92b274943f4a3a557881ee0dd5...; start date 23/02/2021; architecture WINDOWS; score 100]

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              No Antivirus matches

              Dropped Files

              Source | Detection | Scanner | Label
              C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 10% | ReversingLabs | Win32.Trojan.AgentTesla

              Unpacked PE Files

              Source | Detection | Scanner | Label
              20.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
              2.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
              12.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7
              11.2.e92b274943f4a3a557881ee0dd57772d.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7

              Domains

              Source | Detection | Scanner | Label
              cloudhost.myfirewall.org | 1% | Virustotal |

              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              cloudhost.myfirewall.org | 79.134.225.105 | true | true | | unknown

              Contacted URLs

              Name | Malicious | Antivirus Detection | Reputation
              cloudhost.myfirewall.org | true | 1%, Virustotal; Avira URL Cloud: safe | unknown

                                        Contacted IPs

                                        Public

                                        IP | Domain | Country | ASN | ASN Name | Malicious
                                        79.134.225.105 | unknown | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | true

                                        Private

                                        IP
                                        192.168.2.1

                                        General Information

                                        Joe Sandbox Version: 31.0.0 Emerald
                                        Analysis ID: 356808
                                        Start date: 23.02.2021
                                        Start time: 17:06:18
                                        Joe Sandbox Product: CloudBasic
                                        Overall analysis duration: 0h 13m 52s
                                        Hypervisor based Inspection enabled: false
                                        Report type: full
                                        Sample file name: e92b274943f4a3a557881ee0dd57772d.exe
                                        Cookbook file name: default.jbs
                                        Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed: 32
                                        Number of new started drivers analysed: 0
                                        Number of existing processes analysed: 0
                                        Number of existing drivers analysed: 0
                                        Number of injected processes analysed: 0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode: default
                                        Analysis stop reason: Timeout
                                        Detection: MAL
                                        Classification: mal100.troj.evad.winEXE@19/8@22/2
                                        EGA Information: Failed
                                        HDC Information:
                                        • Successful, ratio: 1.7% (good quality ratio 1.4%)
                                        • Quality average: 46.2%
                                        • Quality standard deviation: 25.9%
                                        HCA Information:
                                        • Successful, ratio: 100%
                                        • Number of executed functions: 406
                                        • Number of non-executed functions: 9
                                        Cookbook Comments:
                                        • Adjust boot time
                                        • Enable AMSI
                                        • Found application associated with file extension: .exe
                                        Warnings:
                                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                        • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                        • Excluded IPs from analysis (whitelisted): 51.103.5.186, 13.64.90.137, 204.79.197.200, 13.107.21.200, 93.184.220.29, 51.11.168.160, 168.61.161.212, 23.211.6.115, 40.88.32.150, 104.42.151.234, 184.30.24.56, 51.103.5.159, 51.104.139.180, 92.122.213.247, 92.122.213.194, 20.54.26.129, 84.53.167.113
                                        • Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, wns.notify.trafficmanager.net, ocsp.digicert.com, wildcard.weather.microsoft.com.edgekey.net, www-bing-com.dual-a-0001.a-msedge.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, www.bing.com, client.wns.windows.com, skypedataprdcolwus17.cloudapp.net, fs.microsoft.com, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, tile-service.weather.microsoft.com, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, vip2-par02p.wns.notify.trafficmanager.net
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                        Simulations

                                        Behavior and APIs

Time | Type | Description
17:07:17 | API Interceptor | 913x Sleep call for process: e92b274943f4a3a557881ee0dd57772d.exe modified
17:07:23 | Task Scheduler | Run new task: DHCP Monitor path: "C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe" s>$(Arg0)
17:07:23 | Task Scheduler | Run new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
17:07:25 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
17:07:26 | API Interceptor | 2x Sleep call for process: dhcpmon.exe modified

                                        Joe Sandbox View / Context

                                        IPs


                                                                            Domains


                                                                            ASN


                                                                            JA3 Fingerprints

                                                                            No context

                                                                            Dropped Files

                                                                            No context

                                                                            Created / dropped Files

                                                                            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Category:dropped
                                                                            Size (bytes):475648
                                                                            Entropy (8bit):7.633075553718302
                                                                            Encrypted:false
                                                                            SSDEEP:12288:KDWVp7lNYUvq2gFgkeu0cNOYVAKe7dE9jGEiuk:KiV57Yr99eu0cN3VC7vEil
                                                                            MD5:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            SHA1:98957C96B7C2DD066B6C5108F8DED53983427472
                                                                            SHA-256:C6E001729B8ABC3D321756D6964E1A84148F19004F03606953EBBA32081F4C75
                                                                            SHA-512:EE9033D27B384894BC73BFC9AB21ECE48D3FF9CE858A99C29B10F9F687DE0201AFBD238B6141ABC6D44775979AC368D4E843B8F78B910751F187F87F2857C8F8
                                                                            Malicious:true
                                                                            Antivirus:
                                                                            • Antivirus: ReversingLabs, Detection: 10%
                                                                            Reputation:low
                                                                            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):26
                                                                            Entropy (8bit):3.95006375643621
                                                                            Encrypted:false
                                                                            SSDEEP:3:ggPYV:rPYV
                                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                            Malicious:true
                                                                            Reputation:high, very likely benign file
                                                                            Preview: [ZoneTransfer]....ZoneId=0
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                                                                            Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):525
                                                                            Entropy (8bit):5.2874233355119316
                                                                            Encrypted:false
                                                                            SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                                                            MD5:61CCF53571C9ABA6511D696CB0D32E45
                                                                            SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                                                            SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                                                            SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\e92b274943f4a3a557881ee0dd57772d.exe.log
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):525
                                                                            Entropy (8bit):5.2874233355119316
                                                                            Encrypted:false
                                                                            SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9tv:MLF20NaL329hJ5g522rWz2T
                                                                            MD5:61CCF53571C9ABA6511D696CB0D32E45
                                                                            SHA1:A13A42A20EC14942F52DB20FB16A0A520F8183CE
                                                                            SHA-256:3459BDF6C0B7F9D43649ADAAF19BA8D5D133BCBE5EF80CF4B7000DC91E10903B
                                                                            SHA-512:90E180D9A681F82C010C326456AC88EBB89256CC769E900BFB4B2DF92E69CA69726863B45DFE4627FC1EE8C281F2AF86A6A1E2EF1710094CCD3F4E092872F06F
                                                                            Malicious:false
                                                                            Reputation:moderate, very likely benign file
                                                                            Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..
                                                                            C:\Users\user\AppData\Local\Temp\tmp22EF.tmp
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                            Category:dropped
                                                                            Size (bytes):1323
                                                                            Entropy (8bit):5.1600199834185245
                                                                            Encrypted:false
                                                                            SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0Pmxtn:cbk4oL600QydbQxIYODOLedq3Smj
                                                                            MD5:A2656079C3A26D530BF27B9B65082EB8
                                                                            SHA1:8B4B44848C52291110A41283EACEE9922B6B5DD2
                                                                            SHA-256:3CE09B678463F0BB81EF3CC3DD814BC99937D3F9D2203CE3CAAB188D5FAD603E
                                                                            SHA-512:20B281B387315EDF7624B37906DC74B9016FF2C41C6612C373C33F6C97076A6B78A532FED66A078BF99E5FD64346119038EBAD0AD4AB2FB1B1EC5F27E7B31E45
                                                                            Malicious:true
                                                                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                                            C:\Users\user\AppData\Local\Temp\tmp266B.tmp
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                            Category:modified
                                                                            Size (bytes):1310
                                                                            Entropy (8bit):5.109425792877704
                                                                            Encrypted:false
                                                                            SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                                                            MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                                                            SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                                                            SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                                                            SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                                                            Malicious:false
                                                                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:Non-ISO extended-ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):8
                                                                            Entropy (8bit):2.75
                                                                            Encrypted:false
                                                                            SSDEEP:3:a1ft:a/
                                                                            MD5:27205FFD95E8C21E294722F6C7C90F87
                                                                            SHA1:AE76805E7334FDB1C3D0AD94DE3E37BF98732DE4
                                                                            SHA-256:B3FAE43AD48058B592FCE99E646420CECCBF1F62296B6571A51BFD9102EA059B
                                                                            SHA-512:1B10F5AAD92C94689BCA4C13D9455DBD4E33E38225A1FCC32E2BB9BCECA4B8C61518F8C14A0782E522F862B291A4CE3970117E9813F705E9D5DB62AD8B12B876
                                                                            Malicious:true
                                                                            Preview: ./.`..H
                                                                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                                            Process:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File Type:ASCII text, with no line terminators
                                                                            Category:dropped
                                                                            Size (bytes):60
                                                                            Entropy (8bit):4.556297888280896
                                                                            Encrypted:false
                                                                            SSDEEP:3:oNUWJRWAii2FS8lVyILN:oNNJAAiHFnl7
                                                                            MD5:3597821A0D92E1F7F1C2EE61421DE72B
                                                                            SHA1:D15AB9D668CE9589CABF2B508791D845EA04C68C
                                                                            SHA-256:D881E5C2A38DC4DBE74A711776BD7EB83E777593FEACAAA8BEED9A9520256CFC
                                                                            SHA-512:1FDC4AE5A9E2FC2BF6A48D5D6AB09933F796E567E362E965C83888301FDC80CF53570D008ED2157CC462749E832411A3030E319B015AA135836445B80F581118
                                                                            Malicious:false
                                                                            Preview: C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe

                                                                            Static File Info

                                                                            General

                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                            Entropy (8bit):7.633075553718302
                                                                            TrID:
                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                            • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                            • Windows Screen Saver (13104/52) 0.07%
                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                            File name:e92b274943f4a3a557881ee0dd57772d.exe
                                                                            File size:475648
                                                                            MD5:1f2b71c462d73dcdcc69a707a18c38d6
                                                                            SHA1:98957c96b7c2dd066b6c5108f8ded53983427472
                                                                            SHA256:c6e001729b8abc3d321756d6964e1a84148f19004f03606953ebba32081f4c75
                                                                            SHA512:ee9033d27b384894bc73bfc9ab21ece48d3ff9ce858a99c29b10f9f687de0201afbd238b6141abc6d44775979ac368d4e843b8f78b910751f187f87f2857c8f8
                                                                            SSDEEP:12288:KDWVp7lNYUvq2gFgkeu0cNOYVAKe7dE9jGEiuk:KiV57Yr99eu0cN3VC7vEil
                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....4`..............P..,...........K... ...`....@.. ....................................@................................

                                                                            File Icon

                                                                            Icon Hash:00828e8e8686b000

                                                                            Static PE Info

                                                                            General

                                                                            Entrypoint:0x474bba
                                                                            Entrypoint Section:.text
                                                                            Digitally signed:false
                                                                            Imagebase:0x400000
                                                                            Subsystem:windows gui
                                                                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                            Time Stamp:0x6034EC9E [Tue Feb 23 11:53:02 2021 UTC]
                                                                            TLS Callbacks:
                                                                            CLR (.Net) Version:v2.0.50727
                                                                            OS Version Major:4
                                                                            OS Version Minor:0
                                                                            File Version Major:4
                                                                            File Version Minor:0
                                                                            Subsystem Version Major:4
                                                                            Subsystem Version Minor:0
                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                            Entrypoint Preview

                                                                            Instruction
                                                                            jmp dword ptr [00402000h]

                                                                            Data Directories

                                                                            Name                                  Virtual Address  Virtual Size  Is in Section
                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT          0x74b68          0x4f          .text
                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE        0x76000          0x10fc        .rsrc
                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC       0x78000          0xc           .reloc
                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                            Sections

                                                                            Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                                                            .text   0x2000           0x72bc0       0x72c00   False     0.835452410131   data       7.64910376893   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                            .rsrc   0x76000          0x10fc        0x1200    False     0.377387152778   data       4.91259584588   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                            .reloc  0x78000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                            Resources

                                                                            Name         RVA      Size   Type  Language  Country
                                                                            RT_VERSION   0x76090  0x32e  data
                                                                            RT_MANIFEST  0x763d0  0xd25  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators

                                                                            Imports

                                                                            DLL          Import
                                                                            mscoree.dll  _CorExeMain

                                                                            Version Infos

                                                                            Description       Data
                                                                            Translation       0x0000 0x04b0
                                                                            LegalCopyright    Copyright 2013
                                                                            Assembly Version  1.0.0.23
                                                                            InternalName      Filters.exe
                                                                            FileVersion       1.0.0.23
                                                                            CompanyName
                                                                            LegalTrademarks
                                                                            Comments
                                                                            ProductName       QuNectRestore
                                                                            ProductVersion    1.0.0.23
                                                                            FileDescription   QuNectRestore
                                                                            OriginalFilename  Filters.exe

                                                                            Network Behavior

                                                                            Network Port Distribution

                                                                            TCP Packets

                                                                            Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                            Feb 23, 2021 17:08:38.699738026 CET497405654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:38.786367893 CET56544974079.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:42.932596922 CET497415654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:43.016801119 CET56544974179.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:43.528386116 CET497415654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:43.610882998 CET56544974179.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:44.122071981 CET497415654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:44.204689026 CET56544974179.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:48.332449913 CET497455654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:48.425596952 CET56544974579.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:48.935069084 CET497455654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:49.022025108 CET56544974579.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:49.528836966 CET497455654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:49.619158983 CET56544974579.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:53.743664026 CET497465654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:53.830708981 CET56544974679.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:54.341633081 CET497465654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:54.424118042 CET56544974679.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:54.935432911 CET497465654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:55.019927025 CET56544974679.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:59.165054083 CET497475654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:59.253696918 CET56544974779.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:08:59.763989925 CET497475654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:08:59.849509001 CET56544974779.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:00.357794046 CET497475654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:00.445116043 CET56544974779.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:04.587672949 CET497485654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:04.672992945 CET56544974879.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:05.186569929 CET497485654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:05.271919966 CET56544974879.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:05.780445099 CET497485654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:05.866170883 CET56544974879.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:10.090039968 CET497495654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:10.184056044 CET56544974979.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:10.686827898 CET497495654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:11.160891056 CET56544974979.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:11.671427965 CET497495654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:11.757283926 CET56544974979.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:15.833434105 CET497505654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:15.921256065 CET56544975079.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:16.437310934 CET497505654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:16.523061037 CET56544975079.134.225.105192.168.2.5
                                                                            Feb 23, 2021 17:09:17.031083107 CET497505654192.168.2.579.134.225.105
                                                                            Feb 23, 2021 17:09:17.117119074 CET56544975079.134.225.105192.168.2.5

                                                                            UDP Packets


                                                                            DNS Queries


                                                                            DNS Answers


                                                                            Code Manipulations

                                                                            Statistics

                                                                            CPU Usage


                                                                            Memory Usage


                                                                            High Level Behavior Distribution


                                                                            Behavior

                                                                            Click to jump to process

                                                                            System Behavior

                                                                            General

                                                                            Start time:17:07:10
                                                                            Start date:23/02/2021
                                                                            Path:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe'
                                                                            Imagebase:0x4c0000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.252323083.0000000002BC7000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.252271147.0000000002BA1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.252610124.0000000003BA1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.252610124.0000000003BA1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.252610124.0000000003BA1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:18
                                                                            Start date:23/02/2021
                                                                            Path:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            Imagebase:0x7ff797770000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000002.00000002.499071538.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000002.00000002.499071538.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 00000002.00000002.499071538.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:20
                                                                            Start date:23/02/2021
                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp22EF.tmp'
                                                                            Imagebase:0xad0000
                                                                            File size:185856 bytes
                                                                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            General

                                                                            Start time:17:07:20
                                                                            Start date:23/02/2021
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7ecfc0000
                                                                            File size:625664 bytes
                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            General

                                                                            Start time:17:07:21
                                                                            Start date:23/02/2021
                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp266B.tmp'
                                                                            Imagebase:0xad0000
                                                                            File size:185856 bytes
                                                                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            General

                                                                            Start time:17:07:21
                                                                            Start date:23/02/2021
                                                                            Path:C:\Windows\System32\conhost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                            Imagebase:0x7ff7ecfc0000
                                                                            File size:625664 bytes
                                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:high

                                                                            General

                                                                            Start time:17:07:23
                                                                            Start date:23/02/2021
                                                                            Path:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe 0
                                                                            Imagebase:0x8c0000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000009.00000002.275215575.0000000002FD4000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000009.00000002.275177741.0000000002FB1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.275575320.0000000003FB1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.275575320.0000000003FB1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.275575320.0000000003FB1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:23
                                                                            Start date:23/02/2021
                                                                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                                                            Imagebase:0xd10000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000A.00000002.275680850.00000000033D6000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000A.00000002.275574869.00000000033B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.276093432.00000000043B1000.00000004.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.276093432.00000000043B1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.276093432.00000000043B1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Antivirus matches:
                                                                            • Detection: 10%, ReversingLabs
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:28
                                                                            Start date:23/02/2021
                                                                            Path:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Users\user\Desktop\e92b274943f4a3a557881ee0dd57772d.exe
                                                                            Imagebase:0x850000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.290065986.0000000003EF1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.289889933.0000000002EF1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000B.00000002.287315536.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000B.00000002.287315536.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 0000000B.00000002.287315536.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:28
                                                                            Start date:23/02/2021
                                                                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Imagebase:0x490000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.289277143.0000000002BF1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.289384974.0000000003BF1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.289384974.0000000003BF1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.287530922.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.287530922.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.287530922.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:33
                                                                            Start date:23/02/2021
                                                                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                                                            Imagebase:0x280000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000010.00000002.292745387.0000000002A27000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000010.00000002.293020224.0000000003A01000.00000004.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000010.00000002.293020224.0000000003A01000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 00000010.00000002.293020224.0000000003A01000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000010.00000002.292697027.0000000002A01000.00000004.00000001.sdmp, Author: Joe Security
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:07:36
                                                                            Start date:23/02/2021
                                                                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Wow64 process (32bit):true
                                                                            Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                            Imagebase:0xd40000
                                                                            File size:475648 bytes
                                                                            MD5 hash:1F2B71C462D73DCDCC69A707A18C38D6
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:true
                                                                            Programmed in:.Net C# or VB.NET
                                                                            Yara matches:
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.310042790.00000000033F1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000014.00000002.304832264.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.304832264.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 00000014.00000002.304832264.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000014.00000002.310443660.00000000043F1000.00000004.00000001.sdmp, Author: Joe Security
                                                                            • Rule: NanoCore, Description: unknown, Source: 00000014.00000002.310443660.00000000043F1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                            Reputation:low

                                                                            General

                                                                            Start time:17:09:01
                                                                            Start date:23/02/2021
                                                                            Path:C:\Windows\System32\backgroundTaskHost.exe
                                                                            Wow64 process (32bit):false
                                                                            Commandline:'C:\Windows\system32\backgroundTaskHost.exe' -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
                                                                            Imagebase:0x7ff64e5e0000
                                                                            File size:19352 bytes
                                                                            MD5 hash:B7FC4A29431D4F795BBAB1FB182B759A
                                                                            Has elevated privileges:true
                                                                            Has administrator privileges:false
                                                                            Programmed in:C, C++ or other language
                                                                            Reputation:moderate

                                                                            Disassembly

                                                                            Code Analysis

                                                                              Executed Functions

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: &$-$.$=$?$F$N$U$\$_$h$m$t
                                                                              • API String ID: 0-2137078230
                                                                              • Opcode ID: e64b086da0d0a16d266b1bc1a946d8e874a2aec2a023050ea534fdb398b1da05
                                                                              • Instruction ID: 104c95c4e90a48d1fc83c02896137827ff176b418f4108e00d61f81e2e99e805
                                                                              • Opcode Fuzzy Hash: e64b086da0d0a16d266b1bc1a946d8e874a2aec2a023050ea534fdb398b1da05
                                                                              • Instruction Fuzzy Hash: DC82E175C05268CEDB28CFA2C9183FDFAB6AB45349F1490A9C109B7291D7785BC8DF18
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !$,$7$=$D$F$G$K$X$Y$[$o
                                                                              • API String ID: 0-3673748993
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: &$)$>$W$[$^$d$m
                                                                              • API String ID: 0-1240731744
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <mp
                                                                              • API String ID: 0-3802700803
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <mp
                                                                              • API String ID: 0-3802700803
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B0AAB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 00B0B0CE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,96D2DD04,00000000,00000000,00000000,00000000), ref: 00B0ABB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B0AAB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DrawTextExW.USER32(?,?,?,?,?), ref: 00B0BE2F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DrawText
                                                                              • String ID:
                                                                              • API String ID: 2175133113-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,96D2DD04,00000000,00000000,00000000,00000000), ref: 00B0ABB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00B0B6F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoadShim
                                                                              • String ID:
                                                                              • API String ID: 1475914169-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 07F50981
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.259910066.0000000007F50000.00000040.00000001.sdmp, Offset: 07F50000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B0A58A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryW.KERNELBASE(?), ref: 00B0B2D8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 07F50BC5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.259910066.0000000007F50000.00000040.00000001.sdmp, Offset: 07F50000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DrawTextExW.USER32(?,?,?,?,?), ref: 00B0BE2F
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DrawText
                                                                              • String ID:
                                                                              • API String ID: 2175133113-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(?), ref: 00B0A2EC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,?,?), ref: 00B0A926
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00B0B6F1
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoadShim
                                                                              • String ID:
                                                                              • API String ID: 1475914169-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(?), ref: 00B0A3A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B0A58A
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryW.KERNELBASE(?), ref: 00B0B2D8
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 00B0B0CE
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 07F50BC5
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.259910066.0000000007F50000.00000040.00000001.sdmp, Offset: 07F50000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(?), ref: 00B0A2EC
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 07F50981
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.259910066.0000000007F50000.00000040.00000001.sdmp, Offset: 07F50000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,?,?), ref: 00B0A926
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(?), ref: 00B0A3A4
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251166872.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `5(r
                                                                              • API String ID: 0-3683955166
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: </(r
                                                                              • API String ID: 0-1274947426
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: </(r
                                                                              • API String ID: 0-1274947426
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%


                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f826496463243e387bafec8a86ded567cb06867031bc2d8269687a29fb9fffe0
                                                                              • Instruction ID: b1acc6b9fce98aa05a9c262a4ed36de50cb189a9580fa3b2fdafb69b6637714c
                                                                              • Opcode Fuzzy Hash: f826496463243e387bafec8a86ded567cb06867031bc2d8269687a29fb9fffe0
                                                                              • Instruction Fuzzy Hash: 31A10AB4A00259CFDB40DFA8D984B9CBBF2FF08318F1480A9E549AB354DB75A985CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 12f0127785640e547385dc1b8189df9432a9dc672db6ef45bce8fae5f9c4bb4c
                                                                              • Instruction ID: 9b7ce5985824cdd745e4f3a7503bd4c596d7d05025d6012750e7db058e22e0a5
                                                                              • Opcode Fuzzy Hash: 12f0127785640e547385dc1b8189df9432a9dc672db6ef45bce8fae5f9c4bb4c
                                                                              • Instruction Fuzzy Hash: 99712570E01208CFCB00CFAAD584AADBBB2FF4A314F648155E465BB351D735AA42DF64
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 50294f3039a59f7f4a3642afc78d17a3f4564dcb69d2a0cf65c58a386569004c
                                                                              • Instruction ID: de3dcfb1a9c1774a88cd7930a0d15dc27e1b6ddd168048977ccbe97b366904bf
                                                                              • Opcode Fuzzy Hash: 50294f3039a59f7f4a3642afc78d17a3f4564dcb69d2a0cf65c58a386569004c
                                                                              • Instruction Fuzzy Hash: AB513570E052089FCB00CFEAD584BBDBBF2AF4A314F249569E415B7390D734AA809B60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b06adba1fb105e6e8668b5e6262785ae252a15a944cd9abb95df9f1848cc5b90
                                                                              • Instruction ID: 5e259253204f341cbdee7c7662bac94022d9192c17643b52b531aceba49249ad
                                                                              • Opcode Fuzzy Hash: b06adba1fb105e6e8668b5e6262785ae252a15a944cd9abb95df9f1848cc5b90
                                                                              • Instruction Fuzzy Hash: B451B074E09249CFCB40DFAAD484AEDBBF2BB49300F14912AD91ABB345EB346941DF54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e8756ff459665ab87e6edbe63eb1e1135a4f7ddb62d3d2bbb8573b8c0a009826
                                                                              • Instruction ID: ced3e56c091a98d6b0c3874c4df9ceb926455eb0610de77596ce52b17f5153aa
                                                                              • Opcode Fuzzy Hash: e8756ff459665ab87e6edbe63eb1e1135a4f7ddb62d3d2bbb8573b8c0a009826
                                                                              • Instruction Fuzzy Hash: C85190B4E05208DFCB48DFA9D9949ADBBF2FF89300F60816AE805A7364DB345A45CF54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 476a2700a0c353ec140d66f27623238c400eb3688c92ba4c8f7c729c5c1e97a5
                                                                              • Instruction ID: 7cc0a712fcdefeb97c3307d4156cdc2e9eacbebeab1bc30e858cc3869815be46
                                                                              • Opcode Fuzzy Hash: 476a2700a0c353ec140d66f27623238c400eb3688c92ba4c8f7c729c5c1e97a5
                                                                              • Instruction Fuzzy Hash: DB5128B4A01219CFDB50DF68D985B9CBBF2FB48318F1480A9E909EB354DB719981CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 36382959d78ccc4aea0995fdf2b603daadccbef4c69d233916b7f7545d9826f9
                                                                              • Instruction ID: 74ea49d682daa6dbb00a3ba27e4e614b576fe63e7c612c4fe636deb048a7ed44
                                                                              • Opcode Fuzzy Hash: 36382959d78ccc4aea0995fdf2b603daadccbef4c69d233916b7f7545d9826f9
                                                                              • Instruction Fuzzy Hash: 9F5119B4A01619CFDB50DF68D985B9CBBF2FB08318F1480A9E549EB394DB71A981CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f02c4fd707d5b3fe61d38834131273f982d6be73c94494aa751ba8cb7c8ed58b
                                                                              • Instruction ID: 602ad0ae43bc546d817576af3030a14f3f5d24beeee6cc7f53dcb9a0ae65c11f
                                                                              • Opcode Fuzzy Hash: f02c4fd707d5b3fe61d38834131273f982d6be73c94494aa751ba8cb7c8ed58b
                                                                              • Instruction Fuzzy Hash: 71511AB4D04229CFDB68CF26CD45BE9BBF2EB49300F14C4EAD559A7240EB715A858F50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3e986efba6031c4e6b86242183caf773613e45897d1e792b86ed6dececdeea16
                                                                              • Instruction ID: 03b56a2a812c34e9cddeaf520377251107f5274ab8c980b4e2a6a03fd9224d97
                                                                              • Opcode Fuzzy Hash: 3e986efba6031c4e6b86242183caf773613e45897d1e792b86ed6dececdeea16
                                                                              • Instruction Fuzzy Hash: 1041D474E09209DFDB40DFAAD480AEDBBB2FB49300F14912AD91AB7240EB346942DF44
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c27435200375ed56c056aaf422a638dd6415223534c7e1c0db3536fb902a3da2
                                                                              • Instruction ID: 5dd0734bf2534a46dd014ad09ba1a3898c3062771fc6636fb2f7abeaa65924bc
                                                                              • Opcode Fuzzy Hash: c27435200375ed56c056aaf422a638dd6415223534c7e1c0db3536fb902a3da2
                                                                              • Instruction Fuzzy Hash: FA412C70E111089FCB44DFAAD5846ADFBF3EF99324F54C265E464BB395DB30A9028B60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 88485eea0883620412131f703076109db32dc506f937cb6bcacae665fff8ba62
                                                                              • Instruction ID: 9fdab63c5899773a16b90d0bfaa3f07c8dd0fb4523052f294ecf5e278581ffc3
                                                                              • Opcode Fuzzy Hash: 88485eea0883620412131f703076109db32dc506f937cb6bcacae665fff8ba62
                                                                              • Instruction Fuzzy Hash: C9411370D152089FDB00DFAAD944BEDBBF2AF4A314F14856AE815B7290E735AA409F60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f2b8c972b49a700ec585df4e71f6cf520ec3b0dd64b49a62c6370f8ea6f82a52
                                                                              • Instruction ID: 900dd9664783b485b7bdfa46ab8f4c7d0f00301ede5316a6772cc3bde9d3caf6
                                                                              • Opcode Fuzzy Hash: f2b8c972b49a700ec585df4e71f6cf520ec3b0dd64b49a62c6370f8ea6f82a52
                                                                              • Instruction Fuzzy Hash: 0951B074E41229CFDB64DF69C944BEDBBB2AF49304F1480E9D449AB280DB34AE85CF51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e35fd55d78a3e88bd18162338af7a215cf7e7c896d9c9323a33c6c1e30aa4dad
                                                                              • Instruction ID: 8e5ac7f462094071ffe87d63b7b870c48d5df417358cda90866cd0cf67854aa7
                                                                              • Opcode Fuzzy Hash: e35fd55d78a3e88bd18162338af7a215cf7e7c896d9c9323a33c6c1e30aa4dad
                                                                              • Instruction Fuzzy Hash: 663169B6508741AFD310CF09EC41E57FFE8EB89660F18C86EFD499B211D231A8048BA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a3b00fe6c37d444c0dbc5164c45b8f2a41fcf17e2064ab11df596556c5d956e1
                                                                              • Instruction ID: 25b8e8da2fd039cdb02251310766027e286b271f4a2a16753f6b81ee76abe3e9
                                                                              • Opcode Fuzzy Hash: a3b00fe6c37d444c0dbc5164c45b8f2a41fcf17e2064ab11df596556c5d956e1
                                                                              • Instruction Fuzzy Hash: CE316BB6549741AFD311CF09EC41E67FBE8EB89720F14C86EFD489B211D231A9048BA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: befa3272dde6fdd85d16a8b730aa48ce1d6367c6910ab002688ae29571da044d
                                                                              • Instruction ID: c561f2049e3adb7f72cbb84881b26763c3d81dc60faa148a0ac2244ad7020978
                                                                              • Opcode Fuzzy Hash: befa3272dde6fdd85d16a8b730aa48ce1d6367c6910ab002688ae29571da044d
                                                                              • Instruction Fuzzy Hash: 5741EF74901228CFDB24DF66D8487EDB7B2BB4A305F1081EAC509B7281DB366AC5CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: eec8fc2ed067eda173a86bf05ca91263ccb3794c203b5b373af60bc5b54cb2d1
                                                                              • Instruction ID: 8946d7db0dd5e0989e24e5e71fe850bce9d677114ef8679fcce67f0493c1f070
                                                                              • Opcode Fuzzy Hash: eec8fc2ed067eda173a86bf05ca91263ccb3794c203b5b373af60bc5b54cb2d1
                                                                              • Instruction Fuzzy Hash: CB214FB6509340AFD710CF09EC41D57FFE8EBC9620F14C95EFD999B211D231A9148BA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a4dd60bf218a0ddf2e45e59b3daa6067848d064fced150537c41648507293989
                                                                              • Instruction ID: 73868fd2f6a2ff5d6dc92ffacb07500add794636c9ae76538fe779641c570c7f
                                                                              • Opcode Fuzzy Hash: a4dd60bf218a0ddf2e45e59b3daa6067848d064fced150537c41648507293989
                                                                              • Instruction Fuzzy Hash: EC21A1B6549700AFD3108F09EC41D53FFE9EB85730F14C96AFD499B212D276B5048BA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ad83693e7ab5bea86b9037352907dfa56152667a7458e7f46320466153f4c4fa
                                                                              • Instruction ID: 89da89bc32c567885c15e53c5ef2b28e1b44310e4826993fa80addf0768f982b
                                                                              • Opcode Fuzzy Hash: ad83693e7ab5bea86b9037352907dfa56152667a7458e7f46320466153f4c4fa
                                                                              • Instruction Fuzzy Hash: 5D21B0B6548700AFD3108F06EC41E57FBE9EB84730F18C96AFD099B212D231B9148BA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f29eb58a1fb56a40b3c3fdf66ff77d26e6bebe96d56a906fa7c7cd8384c8f10d
                                                                              • Instruction ID: eb3978c0172b92ad5efdbe8ab87b4c1822ad830e03ad51be386d9b7ee6f1e881
                                                                              • Opcode Fuzzy Hash: 74dea29b3e5f7e6c3ffcb5166f708f4c5bf5aa1c71198b6dbe39052b6c46c043
                                                                              • Instruction Fuzzy Hash: FA019D75E002288FDB60DF6AC880BE8B7B5BB08305F1480DAE51DE7281D775AAC5DF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b4614e72d0fecfd01bb281e369bbc5cdab8355fcf69ec0d4891a06f70cc03131
                                                                              • Instruction ID: 4f04632e59ee8cd90848e8ae3ac4ea0be2fc9d1a462c3bc135f64b696338cb3e
                                                                              • Opcode Fuzzy Hash: b4614e72d0fecfd01bb281e369bbc5cdab8355fcf69ec0d4891a06f70cc03131
                                                                              • Instruction Fuzzy Hash: 58E0923040E348DFC701EFA4D8045FE7F75AB06200F2151E6D8C5A7256DB352A09DBB5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ff1bbfdee4db19c7696f40d95c32c80b3e94a20cab036ae2b5edcca44b150b74
                                                                              • Instruction ID: 15c9bcb739b182f67cf4190dd6e06b1b613a92a32acbf53fd0b7ec9df383118e
                                                                              • Opcode Fuzzy Hash: ff1bbfdee4db19c7696f40d95c32c80b3e94a20cab036ae2b5edcca44b150b74
                                                                              • Instruction Fuzzy Hash: 3BF02275C09308EFCB04DFAAD8026ACBBB5EB01300F6080A5D844A3352DB71AE50CB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: dc249720e770dc739eaee65d29add2ad43b1a37d7af0c8be922eea614e4ef37f
                                                                              • Instruction ID: 5fa4619c839a93f1cb39bb70eb30a3e9fc098ae829362248a454a3ae5141291e
                                                                              • Opcode Fuzzy Hash: dc249720e770dc739eaee65d29add2ad43b1a37d7af0c8be922eea614e4ef37f
                                                                              • Instruction Fuzzy Hash: 5BF0AF78A44119EFDB40DF99D68899DB7B1FB48314F208295D805AB311DB71AE51CF90
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1c72b8fc229c2d88b426542f6aa873480cba83e6e3ee9844e45d9ce51f50f7d1
                                                                              • Instruction ID: 0444b4d646bb0172988c313b55c4ffe7a8719a3f86a05dcc545e5a46e2a72ca6
                                                                              • Opcode Fuzzy Hash: 1c72b8fc229c2d88b426542f6aa873480cba83e6e3ee9844e45d9ce51f50f7d1
                                                                              • Instruction Fuzzy Hash: 85F08C74909288AFC745CBA5D8009FDBFB1EF4A200F14C0DAE8489B352D6365B55DB50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4a64a32bc18268908ce5c309658b7b7a77c4b4b434a3049542df55bddf4f9c72
                                                                              • Instruction ID: 8b22309f3d2e0bc19ecbc2f74241f96e0887a49651cc9ba0c9bddb5980673915
                                                                              • Opcode Fuzzy Hash: 4a64a32bc18268908ce5c309658b7b7a77c4b4b434a3049542df55bddf4f9c72
                                                                              • Instruction Fuzzy Hash: 67E0D8B264130067D2108F0ADC42F12FB98DB80A30F04C46BED081B301D171B5148EE5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 34f02f4efa52b81f6b8b04d935432fc77dc24fc2b8bcd8e428815cf064fa6752
                                                                              • Instruction ID: 2fd7354dd18150b6a558d99f7ff23043f3cfbb758d16ea72b67263f1ecc389fc
                                                                              • Opcode Fuzzy Hash: 34f02f4efa52b81f6b8b04d935432fc77dc24fc2b8bcd8e428815cf064fa6752
                                                                              • Instruction Fuzzy Hash: BBE0D8B254130067D2108E0ADC42B12FF98DB80A30F04C467ED081B301D175B5148EE1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b0be94f631a585e269ff74c497e01e20597d4db50024accc7299dc6dc14dcfe9
                                                                              • Instruction ID: c290ba38fbe90f211493e0d6a837d1e3a8fc69bcd244d2cec322e3ac1dec76ad
                                                                              • Opcode Fuzzy Hash: b0be94f631a585e269ff74c497e01e20597d4db50024accc7299dc6dc14dcfe9
                                                                              • Instruction Fuzzy Hash: 24E0D8B254170067D2108F0AEC42F53FB98DB90A30F04C46BED081B701D171B5148EE1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5a31d4c9e064d8b1b3533a61d55934cee7e953849ff2bc24ea2900aa8c48acef
                                                                              • Instruction ID: ef7a145fd4e572327b78a5aec19ce3651a40dcc533f40bebdf49fb9dc896b829
                                                                              • Opcode Fuzzy Hash: 5a31d4c9e064d8b1b3533a61d55934cee7e953849ff2bc24ea2900aa8c48acef
                                                                              • Instruction Fuzzy Hash: 89E0D8B254130067D2109E0ADC42B13FB98DB80A30F04C46BED085B302D175B5148EE1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3a4ad4a6133748fa52e4d89ae6c79a6eb993ae751c89e76787015624443f8ef9
                                                                              • Instruction ID: e054262917f264731c0142a689084cd2620fa4d0cef404d47a3d470eea03f9e1
                                                                              • Opcode Fuzzy Hash: 3a4ad4a6133748fa52e4d89ae6c79a6eb993ae751c89e76787015624443f8ef9
                                                                              • Instruction Fuzzy Hash: 5CE0D8B654130067D2108E0ADC46F12FB98DBC4A30F04C467ED081B701D171B5148EE5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5d8ff7d82a575ec8090f74024e3afed15e69cc3cfca9409a0ba96d6644d9b307
                                                                              • Instruction ID: 142db3659699bec2cf469a115158435146e89a9ca43e16700054b3ca24fdc753
                                                                              • Opcode Fuzzy Hash: 5d8ff7d82a575ec8090f74024e3afed15e69cc3cfca9409a0ba96d6644d9b307
                                                                              • Instruction Fuzzy Hash: 23E0D8B294130067D2108E0ADC42F12FF98DB80A30F04C467ED081B301D175B5148EE1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251199556.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c0d002d4969dac6792eeb3efda063c0e9391dbe3a0ede445227f9ceaa5adf764
                                                                              • Instruction ID: e4c58345216a271342340d389b99cc13e513076410a1c2c046750cbd6b045262
                                                                              • Opcode Fuzzy Hash: c0d002d4969dac6792eeb3efda063c0e9391dbe3a0ede445227f9ceaa5adf764
                                                                              • Instruction Fuzzy Hash: 43E0D8B254130067D2109F0AEC42F13FB98DBC0A30F04C46BED081B701D175B5148EE5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 29e73e554645e6f91fecc909094d80df406dcb94e85ccaefa58a46214835ba39
                                                                              • Instruction ID: 401548a8fda5ae461c0664db05ecf52f57e48ba5ef0cf9164c9e32d5bf91aa27
                                                                              • Opcode Fuzzy Hash: 29e73e554645e6f91fecc909094d80df406dcb94e85ccaefa58a46214835ba39
                                                                              • Instruction Fuzzy Hash: 6AF03030E09244DFC745DFA5D8406E8BFB5EF45200F14C1DAE84997752DA325A45CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 747cb040cf6a2a0e33b25243166be4a9af4baca5fcc46020c07ce3a2e0e77545
                                                                              • Instruction ID: e5d29902ddead425d1f715a6d433d8d01c5643a75e4a15ebe1c3dc66b6643635
                                                                              • Opcode Fuzzy Hash: 747cb040cf6a2a0e33b25243166be4a9af4baca5fcc46020c07ce3a2e0e77545
                                                                              • Instruction Fuzzy Hash: D7E092B0949308EFC705DF64D8A95AEBFB1FB46301F508099D84423396CB30AB54C795
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b6cd43b55fe7dfd29f4f222b564555fa35a96dc3501a8556b10d96226f33cd93
                                                                              • Instruction ID: 1a3ff401459d4c0262e51a245635b49efc0e47d1a9609c6bab84e767521daea5
                                                                              • Opcode Fuzzy Hash: b6cd43b55fe7dfd29f4f222b564555fa35a96dc3501a8556b10d96226f33cd93
                                                                              • Instruction Fuzzy Hash: 71E04FB4D48209DFC704EFA5E5499BDBBB6EB89301F10D1A9DD4963344DB702A00CF95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 15a28a97804d2dc21f5d71bb2022abe5ddf4c05f76b0d6a0bbfb3c523c824bfe
                                                                              • Instruction ID: 16556e9e9a978a6296e816c261c4f0c62b0d563cb0f7de75edae7b4f4ab3cbc4
                                                                              • Opcode Fuzzy Hash: 15a28a97804d2dc21f5d71bb2022abe5ddf4c05f76b0d6a0bbfb3c523c824bfe
                                                                              • Instruction Fuzzy Hash: 5DE0E574908208AFCB44DF99D844AADBFB5EB49300F14D0AA994867341DA36AA51DF94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c1a07ef60c36108c272a90aa234eac0b2bc54d4b1c0fcf5c4fdf403072225315
                                                                              • Instruction ID: 4be23e84e57d71fb43b34abfba0198c4c0ed88cc473bde1c247bc0d9835f83ee
                                                                              • Opcode Fuzzy Hash: c1a07ef60c36108c272a90aa234eac0b2bc54d4b1c0fcf5c4fdf403072225315
                                                                              • Instruction Fuzzy Hash: ACE08670948208EFC704EF68D8459ADBF72FB46301F508055DC0423355CF305B94DB94
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3c4fa2d4cf3723f2d19b3773634c3529c39208ae5f6eccbae2c7acaa9438b0da
                                                                              • Instruction ID: acc467284b929dee87204e324259492b4b6c522461f58f459f3d1ea7d165e015
                                                                              • Opcode Fuzzy Hash: 3c4fa2d4cf3723f2d19b3773634c3529c39208ae5f6eccbae2c7acaa9438b0da
                                                                              • Instruction Fuzzy Hash: 0CE04F74D04108EFC744DF9AD4416ACFBF5EB48300F20C0A9D90897351DB326A01CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8ae0bf9baa5b7037d4cdd5528a50569f72fc92d9618b5becfddb69cca9827266
                                                                              • Instruction ID: 9d1c2d186df3e723fe354719f9f9e269b0b0f00a494976c4ace7d284b8f92c9b
                                                                              • Opcode Fuzzy Hash: 8ae0bf9baa5b7037d4cdd5528a50569f72fc92d9618b5becfddb69cca9827266
                                                                              • Instruction Fuzzy Hash: FFE01270802208DFC754EFF4E9096ACBBF5FB08305F5081AAE80593350DF766A50CBA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.251158639.0000000000B02000.00000040.00000001.sdmp, Offset: 00B02000, based on PE: false

                                                                              Non-executed Functions

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: #$'$+$:$=$@$J$l$p$w
                                                                              • API String ID: 0-44647363
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: *$,$M$V$c$d$r$s$w
                                                                              • API String ID: 0-114772015
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `5(r
                                                                              • API String ID: 0-3683955166
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000000.00000002.255113814.0000000004CE0000.00000040.00000001.sdmp, Offset: 04CE0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `5(r
                                                                              • API String ID: 0-3683955166
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%


                                                                              Executed Functions

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00CFAAB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,010D1FDC,00000000,00000000,00000000,00000000), ref: 00CFABB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00CFAFEA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00CFAAB1
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,010D1FDC,00000000,00000000,00000000,00000000), ref: 00CFABB4
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(?,?,?,?), ref: 00CFB841
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CFA58A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DispatchMessageW.USER32(?), ref: 00CFBE70
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DispatchMessage
                                                                              • String ID:
                                                                              • API String ID: 2061451462-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 00CFB78A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateFromIconResource
                                                                              • String ID:
                                                                              • API String ID: 3668623891-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DeleteFileW.KERNELBASE(?), ref: 00CFBF0C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DeleteFile
                                                                              • String ID:
                                                                              • API String ID: 4033686569-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,?,?), ref: 00CFA926
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DeleteFileW.KERNELBASE(?), ref: 00CFBF0C
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DeleteFile
                                                                              • String ID:
                                                                              • API String ID: 4033686569-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CFA58A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 00CFB78A
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateFromIconResource
                                                                              • String ID:
                                                                              • API String ID: 3668623891-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 00CFAFEA
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Create
                                                                              • String ID:
                                                                              • API String ID: 2289755597-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SendMessageW.USER32(?,?,?,?), ref: 00CFB841
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessageSend
                                                                              • String ID:
                                                                              • API String ID: 3850602802-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,?,?), ref: 00CFA926
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DispatchMessageW.USER32(?), ref: 00CFBE70
                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501820619.0000000000CFA000.00000040.00000001.sdmp, Offset: 00CFA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DispatchMessage
                                                                              • String ID:
                                                                              • API String ID: 2061451462-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.502648070.0000000002750000.00000040.00000040.sdmp, Offset: 02750000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 644c9424420905ecc86b674ee388171bb37464b08d549c3391c02ef99a26e036
                                                                              • Instruction ID: 8d63b4dded458bdec57f2a926e1ecf3621d309091ca7f6fde7e26b0a2e755818
                                                                              • Opcode Fuzzy Hash: 644c9424420905ecc86b674ee388171bb37464b08d549c3391c02ef99a26e036
                                                                              • Instruction Fuzzy Hash: 2711E131204684DFE705CB24C940F26FBA5EB8C708F24C9ACED491B642C3BBE803CA91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.502648070.0000000002750000.00000040.00000040.sdmp, Offset: 02750000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7d78535001cdac4f7ab65fce345d2182b7c3fedc1852d12aa1d6aa0396af81c7
                                                                              • Instruction ID: d41a473761c4f4bbecdb5a08850008a5ffaa4a5a0ec30782a0a0ef25aeb37252
                                                                              • Opcode Fuzzy Hash: 7d78535001cdac4f7ab65fce345d2182b7c3fedc1852d12aa1d6aa0396af81c7
                                                                              • Instruction Fuzzy Hash: 9D219F751093C48FD7038B20D851B12BFB1AF4B318F1986DAD8888B6A3C33A9817CB52
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501855799.0000000000D02000.00000040.00000001.sdmp, Offset: 00D02000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 42f849b4c3706813ab1f2f0fa138ae7515aeb58ba18db3b26d0af88294159092
                                                                              • Instruction ID: 3f014137688346aed919ec4151f046c594f9cad91516690be0266ffcb85f928d
                                                                              • Opcode Fuzzy Hash: 42f849b4c3706813ab1f2f0fa138ae7515aeb58ba18db3b26d0af88294159092
                                                                              • Instruction Fuzzy Hash: 3611FEB5608301AFD350CF19DC81A57FBE9EB88660F04896EFD9997311D371E9048FA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.502648070.0000000002750000.00000040.00000040.sdmp, Offset: 02750000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5e4f6d5ff364f1e3347237e47a09fa401e2d6556835fb3da84a46d9099dd7cf9
                                                                              • Instruction ID: 8ade23c6c7e309aaeacd871b20851b3d13e1d64b0813f7fd39e6b7c5b365328f
                                                                              • Opcode Fuzzy Hash: 5e4f6d5ff364f1e3347237e47a09fa401e2d6556835fb3da84a46d9099dd7cf9
                                                                              • Instruction Fuzzy Hash: F3F081B65097446FD7118F06EC41863FFACEF85620B09C4AEFC898B612D225A818CF71
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.502648070.0000000002750000.00000040.00000040.sdmp, Offset: 02750000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction ID: 5fa4d3a4635c992efab15f323b68dcd1192aceda48aa5fba3eb3479df591cccf
                                                                              • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction Fuzzy Hash: E3F0FB35104645DFC606CB00D940B15FBA2EB89718F24C6A9E9491B652C377A813DA81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.502648070.0000000002750000.00000040.00000040.sdmp, Offset: 02750000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c56833823216aff6e9d29a85b2581e84f6529314c93dac35e841f81de09a5344
                                                                              • Instruction ID: 2f4427043a7abd967cb52da6882f8cd716caa63e6c89f98ce3d5da3014b1671f
                                                                              • Opcode Fuzzy Hash: c56833823216aff6e9d29a85b2581e84f6529314c93dac35e841f81de09a5344
                                                                              • Instruction Fuzzy Hash: 71E06DB66447004B9650DF0BFC82462FBD8EB84630718C46FDC0D8B701D675B5048EA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501855799.0000000000D02000.00000040.00000001.sdmp, Offset: 00D02000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501807035.0000000000CF2000.00000040.00000001.sdmp, Offset: 00CF2000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000002.00000002.501807035.0000000000CF2000.00000040.00000001.sdmp, Offset: 00CF2000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Executed Functions

                                                                              APIs
                                                                              • RemoveDirectoryTransactedW.KERNEL32(?,00000004,?,?), ref: 02C0E10E
                                                                              • RemoveDirectoryTransactedW.KERNEL32(?,?,?,?), ref: 02C0E25B
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DirectoryRemoveTransacted
                                                                              • String ID: (
                                                                              • API String ID: 3606267546-3887548279
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RemoveDirectoryTransactedW.KERNEL32(?,00000004,?,?), ref: 02C0E10E
                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DirectoryRemoveTransacted
                                                                              • String ID: (
                                                                              • API String ID: 3606267546-3887548279
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateHardLinkTransactedW.KERNEL32(?,00000004,?,?), ref: 02C0DE97
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateHardLinkTransacted
                                                                              • String ID:
                                                                              • API String ID: 643163731-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateDirectoryExA.KERNEL32(00000040,00003000,?,?), ref: 02C0E347
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateDirectory
                                                                              • String ID:
                                                                              • API String ID: 4241100979-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateHardLinkTransactedW.KERNEL32(?,00000004,?,?), ref: 02C0DE97
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateHardLinkTransacted
                                                                              • String ID:
                                                                              • API String ID: 643163731-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateDirectoryExA.KERNEL32(00000040,00003000,?,?), ref: 02C0E347
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateDirectory
                                                                              • String ID:
                                                                              • API String ID: 4241100979-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 051D0981
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.277119714.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RemoveDirectoryTransactedW.KERNEL32(?,?,?,00000000), ref: 02C0DDA7
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DirectoryRemoveTransacted
                                                                              • String ID:
                                                                              • API String ID: 3606267546-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 051D0BC5
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.277119714.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateWaitableTimerA.KERNEL32(?,?,00000000,00000000,08000004,00000000,00000000,00000000), ref: 02C0DC9D
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateTimerWaitable
                                                                              • String ID:
                                                                              • API String ID: 253217371-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 051D0BC5
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.277119714.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FileReplace
                                                                              • String ID:
                                                                              • API String ID: 77091634-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 051D0981
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.277119714.00000000051D0000.00000040.00000001.sdmp, Offset: 051D0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RemoveDirectoryTransactedW.KERNEL32(?,00000004,?,?), ref: 02C0E10E
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DirectoryRemoveTransacted
                                                                              • String ID:
                                                                              • API String ID: 3606267546-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FileOpen
                                                                              • String ID:
                                                                              • API String ID: 2669468079-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FileOpen
                                                                              • String ID:
                                                                              • API String ID: 2669468079-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FileOpen
                                                                              • String ID:
                                                                              • API String ID: 2669468079-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.273971474.0000000002C00000.00000040.00000001.sdmp, Offset: 02C00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FileOpen
                                                                              • String ID:
                                                                              • API String ID: 2669468079-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.274040210.0000000002C60000.00000040.00000040.sdmp, Offset: 02C60000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.274040210.0000000002C60000.00000040.00000040.sdmp, Offset: 02C60000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.274040210.0000000002C60000.00000040.00000040.sdmp, Offset: 02C60000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.274040210.0000000002C60000.00000040.00000040.sdmp, Offset: 02C60000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.274040210.0000000002C60000.00000040.00000040.sdmp, Offset: 02C60000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 00000009.00000002.274040210.0000000002C60000.00000040.00000040.sdmp, Offset: 02C60000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Executed Functions

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: &$-$.$=$?$F$N$U$\$_$h$m$t
                                                                              • API String ID: 0-2137078230
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: !$,$7$=$D$F$G$K$X$Y$[$o
                                                                              • API String ID: 0-3673748993
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: &$)$>$W$[$^$d$m
                                                                              • API String ID: 0-1240731744
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <mp
                                                                              • API String ID: 0-3802700803
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: <mp
                                                                              • API String ID: 0-3802700803
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0157AAB1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,65A9A7E1,00000000,00000000,00000000,00000000), ref: 0157ABB4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0157B0CE
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0157AAB1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DrawTextExW.USER32(?,?,?,?,?), ref: 0157BE2F
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DrawText
                                                                              • String ID:
                                                                              • API String ID: 2175133113-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,65A9A7E1,00000000,00000000,00000000,00000000), ref: 0157ABB4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0157B6F1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoadShim
                                                                              • String ID:
                                                                              • API String ID: 1475914169-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 05870981
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.279168750.0000000005870000.00000040.00000001.sdmp, Offset: 05870000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0157A58A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryW.KERNELBASE(?), ref: 0157B2D8
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 05870BC5
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.279168750.0000000005870000.00000040.00000001.sdmp, Offset: 05870000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FreeLibrary.KERNELBASE(?), ref: 0157B37C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID:
                                                                              • API String ID: 3664257935-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DrawTextExW.USER32(?,?,?,?,?), ref: 0157BE2F
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DrawText
                                                                              • String ID:
                                                                              • API String ID: 2175133113-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(?), ref: 0157A2EC
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(?), ref: 0157A3A4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0157B6F1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoadShim
                                                                              • String ID:
                                                                              • API String ID: 1475914169-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0157A58A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0157B0CE
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • LoadLibraryW.KERNELBASE(?), ref: 0157B2D8
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LibraryLoad
                                                                              • String ID:
                                                                              • API String ID: 1029625771-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 05870BC5
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.279168750.0000000005870000.00000040.00000001.sdmp, Offset: 05870000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FreeLibrary.KERNELBASE(?), ref: 0157B37C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: FreeLibrary
                                                                              • String ID:
                                                                              • API String ID: 3664257935-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • GetModuleHandleW.KERNELBASE(?), ref: 0157A2EC
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: HandleModule
                                                                              • String ID:
                                                                              • API String ID: 4139908857-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 05870981
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.279168750.0000000005870000.00000040.00000001.sdmp, Offset: 05870000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetErrorMode.KERNELBASE(?), ref: 0157A3A4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274352757.000000000157A000.00000040.00000001.sdmp, Offset: 0157A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ErrorMode
                                                                              • String ID:
                                                                              • API String ID: 2340568224-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `5(r
                                                                              • API String ID: 0-3683955166
                                                                              • Opcode ID: 0142f03f3124dc28e1e75f8397e276410d050aa559a9fcd9d487f6380a1f4683
                                                                              • Instruction ID: 850b393834b9a2c0268b1bd1200ea95d284763fcb62de379b073c5f4aa349a6f
                                                                              • Opcode Fuzzy Hash: 0142f03f3124dc28e1e75f8397e276410d050aa559a9fcd9d487f6380a1f4683
                                                                              • Instruction Fuzzy Hash: B691C0B4E01219CFDB54DFA9C994BADBBF1BF88310F1085A9D509AB390DB319A45CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              • Opcode ID: 385c4a94365422da1adecce512df33ee40254fa57766ebdefe495654abb4a419
                                                                              • Instruction ID: 52893204d6f87d9e62e30631543492756ea92dfb8edc1052a788e2a7bc4eca05
                                                                              • Opcode Fuzzy Hash: 385c4a94365422da1adecce512df33ee40254fa57766ebdefe495654abb4a419
                                                                              • Instruction Fuzzy Hash: A171D0B0E01218CFEB54DFA9C894BADBBF1BF49310F1485A9D509AB390DB319A85CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              • Opcode ID: 50dc83f52f636ef5eb9de68716810b588bbc2b494ad9f44270ef33a0445f6ae6
                                                                              • Instruction ID: 6970768e2d796f4619c4700ff62e51987784b20d1ecd9151a5500d9d3e2df539
                                                                              • Opcode Fuzzy Hash: 50dc83f52f636ef5eb9de68716810b588bbc2b494ad9f44270ef33a0445f6ae6
                                                                              • Instruction Fuzzy Hash: C9518DB0D422288FDB64DF68C894BEDBBB2BB49304F1481EAD549A7291DB345E85CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: </(r
                                                                              • API String ID: 0-1274947426
                                                                              • Opcode ID: 8422e6da950860b807b14c9d57db62107d860d2f4c192a5e1f75f06d209c5bf1
                                                                              • Instruction ID: b7ba12734f5d15db963c89634733895104b816d19e355ed7f526e7ce68553072
                                                                              • Opcode Fuzzy Hash: 8422e6da950860b807b14c9d57db62107d860d2f4c192a5e1f75f06d209c5bf1
                                                                              • Instruction Fuzzy Hash: 78312D70A0110ADFCB45EBA8D595AEEBBB2FF85304F2045A9D4057B355CB30AE01DB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: </(r
                                                                              • API String ID: 0-1274947426
                                                                              • Opcode ID: c05492df1066698c9e7fb833d404d5b0445ca722a424d828d9708d3c94d8bb2d
                                                                              • Instruction ID: 762d4c940c1c3b6d1a2e901c00de7e0979f532024bd498473a8116c4c8b233ac
                                                                              • Opcode Fuzzy Hash: c05492df1066698c9e7fb833d404d5b0445ca722a424d828d9708d3c94d8bb2d
                                                                              • Instruction Fuzzy Hash: 7931D974A0110ADFCB45EBA8D695AEEB7B2FF84304F2046A894056B354DF31AF01DBA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: (
                                                                              • API String ID: 0-3887548279
                                                                              • Opcode ID: c00174391a2b75a9257119b221bd09ac693329116bb4abcfe03724d0a2bfa897
                                                                              • Instruction ID: 58adf8da78810bdfed5f714d2f5c7f20b39ae8ea4fc6407e32860a95ad6b2228
                                                                              • Opcode Fuzzy Hash: c00174391a2b75a9257119b221bd09ac693329116bb4abcfe03724d0a2bfa897
                                                                              • Instruction Fuzzy Hash: 4331AD75941228CFEB60CF58CC84BEDBBB5BB08304F1485E9E519A7292C735AE86CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 590c4eb427cfdd84de3cd11493a6f61e2796ce269e580814e0e6a881a1246a64
                                                                              • Instruction ID: 1b4e8e79830f2e8002196372b6fbcd7084969357ded9b46659ff06b29ad426f2
                                                                              • Opcode Fuzzy Hash: 590c4eb427cfdd84de3cd11493a6f61e2796ce269e580814e0e6a881a1246a64
                                                                              • Instruction Fuzzy Hash: 19D137B4D06218CFDB24DFA4D5487EDBBF0FB09306F1494A9D449A7282DB785A88CF54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0192bea4b57b0ff6cab423edc03573ffaa1b4574f278d6022588309d3b8831b7
                                                                              • Instruction ID: 7f56360c7571d9721fa5129c4a20232cd4d461dc7e80450b17360096b4749d9b
                                                                              • Opcode Fuzzy Hash: 0192bea4b57b0ff6cab423edc03573ffaa1b4574f278d6022588309d3b8831b7
                                                                              • Instruction Fuzzy Hash: E4D124B4D06218CFDB24DFA4D5487EDBBF0FB09306F1494A9D449A7282DB785A88CF54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 1271eda68d7ac1ca8384a8d3047361edf52954764a63792de9a318a2099e86c8
                                                                              • Instruction ID: 5068afb5ad5c85aa47db3d58faf0c2adfdc6efb14260b6545baa79d8d583e84d
                                                                              • Opcode Fuzzy Hash: 1271eda68d7ac1ca8384a8d3047361edf52954764a63792de9a318a2099e86c8
                                                                              • Instruction Fuzzy Hash: 1DA11574A01218CFDB50DF68D89ABACBBF1FB48305F1081A9E909A7355DB34AE81CF51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 17221f4461a473edde9e93553725863f940972ca38ca2892601fcc8a17317ea9
                                                                              • Instruction ID: 7830962a17b235d3a4de23edf6b304a416d564c53bf50b3d8ecfb6b4778ce5c6
                                                                              • Opcode Fuzzy Hash: 17221f4461a473edde9e93553725863f940972ca38ca2892601fcc8a17317ea9
                                                                              • Instruction Fuzzy Hash: C7A114B0A01218CFDB50DFA8D989A9CBBF1FB08309F1480A9E519AB355DB749D85CF91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: eb1c7c144d14f1ab058202a246151575ff5e3307b6e65504e910ea083221b27b
                                                                              • Instruction ID: 8a24f960d229afef852b224763101c1c092dcc371e2f2b2225ae48ac4b87c7fb
                                                                              • Opcode Fuzzy Hash: eb1c7c144d14f1ab058202a246151575ff5e3307b6e65504e910ea083221b27b
                                                                              • Instruction Fuzzy Hash: 8F7153B0D02209EFDB00CFA8D584AADBBB1FF4A314F6485A9E414BB351D7349A42CF65
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5598718c17d6d2d98deccb5a9da333e8ef84a6fa2d2926b55562dbadcd94e81d
                                                                              • Instruction ID: ff00ddb89f606310f909b77eed9b27523d452f2aab114890f547cfc14fc8fbb4
                                                                              • Opcode Fuzzy Hash: 5598718c17d6d2d98deccb5a9da333e8ef84a6fa2d2926b55562dbadcd94e81d
                                                                              • Instruction Fuzzy Hash: D0512AB0D07209AFEB04DFA9D584BADFBF5AF49314F248579E414B7394D7389A408B60
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ee878697c50ecca932d64517f6d8e0f0632360487f416a4d13d98f9b3d8bf506
                                                                              • Instruction ID: bf52def78899d6311366d055f12e609961fdf69b4bb38fec8544582f9472d1ea
                                                                              • Opcode Fuzzy Hash: ee878697c50ecca932d64517f6d8e0f0632360487f416a4d13d98f9b3d8bf506
                                                                              • Instruction Fuzzy Hash: 0A51AFB4E0A208DFCB44DFA9D484AEDBBF1BB89300F10956AD819BB356D7309A41CF54
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b295d121ef568388f8057ec9680d70fbba0bf4861ed6230668a127fedd3d9000
                                                                              • Instruction ID: 6811f94e996c6a7de8c338aa0f80fcea862df7aabdc7cf8616c28cd29c665f13
                                                                              • Opcode Fuzzy Hash: b295d121ef568388f8057ec9680d70fbba0bf4861ed6230668a127fedd3d9000
                                                                              • Instruction Fuzzy Hash: 355148B0A01218CFDB50DF68E985B9CBBF1FB48304F2080A9E519AB355DB349D81CF91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274744005.0000000003060000.00000040.00000040.sdmp, Offset: 03060000, based on PE: false
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274387169.0000000001582000.00000040.00000001.sdmp, Offset: 01582000, based on PE: false
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e9fbc71368919f888c641513ee7a69c977a3144aea79129f47453fe100ab3dc5
                                                                              • Instruction ID: 292f6b2b7803f771c7d5e804284acd827a9b98de45b026bcc99ea10bfc04428a
                                                                              • Opcode Fuzzy Hash: e9fbc71368919f888c641513ee7a69c977a3144aea79129f47453fe100ab3dc5
                                                                              • Instruction Fuzzy Hash: F511D3B280F3C08FC7539B709865198BFB0AE13211B1B81DBC481DF5A7E2291D4AD763
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274387169.0000000001582000.00000040.00000001.sdmp, Offset: 01582000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5927a971799e82f88de45e3aade6bd1c0f4460c018dec5e30b660c450b27fe49
                                                                              • Instruction ID: c3e2e1af6331941d85dae56d4a020a6900002d2b179d3ac5342b0acbf4da05dd
                                                                              • Opcode Fuzzy Hash: 5927a971799e82f88de45e3aade6bd1c0f4460c018dec5e30b660c450b27fe49
                                                                              • Instruction Fuzzy Hash: 29218EB550D380AFD302CF25DC51956BFF5EF86620F0989DBF8888B253D234A908CB62
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0cf8afb787089a329b70195dde615ffa528dff4aec17b24bd6dd2db52477f015
                                                                              • Instruction ID: 1f709869efe5ed36c322487d838ab20bd23e4356527852d62ec167c1e476a3ad
                                                                              • Opcode Fuzzy Hash: 0cf8afb787089a329b70195dde615ffa528dff4aec17b24bd6dd2db52477f015
                                                                              • Instruction Fuzzy Hash: 8F21D5B4D0520ADFCB04DF98C5959EEBBB1FF48310F1481AAD805AB362DB34AA41CB90
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274387169.0000000001582000.00000040.00000001.sdmp, Offset: 01582000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: fa088c9e855f6f43d9cd4ad6dcae24420265dd30f5d753d02ec5b4fd48db1f76
                                                                              • Instruction ID: b34fb9cf315c4f65a7c39cfc994eeb582aa7f33df7940284e2846469a6b10929
                                                                              • Opcode Fuzzy Hash: fa088c9e855f6f43d9cd4ad6dcae24420265dd30f5d753d02ec5b4fd48db1f76
                                                                              • Instruction Fuzzy Hash: 2E11E976640204BFD7108F0AEC42E66FBADEB84670F18C56BFD095B211D276B5148BB1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274744005.0000000003060000.00000040.00000040.sdmp, Offset: 03060000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3bead1d22acafac0391a5459f76418c07efd7a24cbec087545561b0af3732582
                                                                              • Instruction ID: a66b11546b033839bb61210edbfac714090dae0f52831623902e659aed0a8f95
                                                                              • Opcode Fuzzy Hash: 3bead1d22acafac0391a5459f76418c07efd7a24cbec087545561b0af3732582
                                                                              • Instruction Fuzzy Hash: 93112930249244DFD705CB14C840B2AFBD5EB88708F28C99CE9895B747C37BD803CA91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f677bd6e1b3a875d140e3e27bde2d1ef63f6625464c9bfea35ad2eb1e7cc6943
                                                                              • Instruction ID: ad7568bf775a22c3f0a9f58bf9cfec0da6e8aae8f6679828867b1a43f9e5a2b2
                                                                              • Opcode Fuzzy Hash: f677bd6e1b3a875d140e3e27bde2d1ef63f6625464c9bfea35ad2eb1e7cc6943
                                                                              • Instruction Fuzzy Hash: 2D216D70A0124BCFCB15EBA8E9945AD7BB2FF84344F2045AAD511AF294DF709E04DB92
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cec26b395573d64b91086bf1117c5c112f693ccbd232dfa19fc707a2838d61f9
                                                                              • Instruction ID: 902910b2caf7efb193248833dfaa6e1ef7030c906356b6f7904f669c568157fe
                                                                              • Opcode Fuzzy Hash: cec26b395573d64b91086bf1117c5c112f693ccbd232dfa19fc707a2838d61f9
                                                                              • Instruction Fuzzy Hash: 68218EB4901268CFDB65DF69C854BECBBB1BB89305F1440EAD409AB2A1CB349E85CF51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274387169.0000000001582000.00000040.00000001.sdmp, Offset: 01582000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: b08e9ec1478e0e7183ed6c4a08fab00c4ea686f5d5f3979afda8e9ea32075ee3
                                                                              • Instruction ID: 695162271128977a5001d073a393932aee63cf0280dcc7181cc2b29caf004640
                                                                              • Opcode Fuzzy Hash: b08e9ec1478e0e7183ed6c4a08fab00c4ea686f5d5f3979afda8e9ea32075ee3
                                                                              • Instruction Fuzzy Hash: D111E6B5909301AFD340CF19D881A5BFBE4FB88660F14892EF898D7311D331E9048FA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 18585fafc004a801218da6f40337cfb193d4c93aae488a311dcad0d0933c5042
                                                                              • Instruction ID: aeb3b8f98cb39de8cc609f43980c593fae456e86ef3bd88b1f745e62323491c7
                                                                              • Opcode Fuzzy Hash: 18585fafc004a801218da6f40337cfb193d4c93aae488a311dcad0d0933c5042
                                                                              • Instruction Fuzzy Hash: F22127B4D002288FDB64CF64CD86BD9BBF5FB09304F1084EAD649A7281DB70AA81CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 697d820a5ecfe71c25cdad076d4f8e348140fd1c3cab64ba509d3b10d7b8779f
                                                                              • Instruction ID: dd754d584e0de6ab2942b87beb3de40c7beca356f865184d45502ba0480cc99c
                                                                              • Opcode Fuzzy Hash: 697d820a5ecfe71c25cdad076d4f8e348140fd1c3cab64ba509d3b10d7b8779f
                                                                              • Instruction Fuzzy Hash: 05111970A0010BCFCB04EBA8E9549ADBBB2FB84344F205569D511AF294DF70AE04DBA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274387169.0000000001582000.00000040.00000001.sdmp, Offset: 01582000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6315647c7bbbedc3bdd4e031ab95e00c6e033136826ae4c4934913111c8f3ea9
                                                                              • Instruction ID: 4fbeed38c4b6fee4348fa86e03904458f63e431c708f8535b19c249141308ab2
                                                                              • Opcode Fuzzy Hash: 6315647c7bbbedc3bdd4e031ab95e00c6e033136826ae4c4934913111c8f3ea9
                                                                              • Instruction Fuzzy Hash: 7801D4B150E3C06FE71287259C95A92BFB8EF43660F1884CBE9849F193D2166909C7A2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: bfcff56c17c31963f6c435b2e085d8ba6f93b1b5b1c7af3296542ae4e2abedf0
                                                                              • Instruction ID: 861c3265358115f5376f50ccb0465d9650fac1d22f9e9594e12fff9e402ed0d5
                                                                              • Opcode Fuzzy Hash: bfcff56c17c31963f6c435b2e085d8ba6f93b1b5b1c7af3296542ae4e2abedf0
                                                                              • Instruction Fuzzy Hash: 0711E9B4D02268CEDBA1DF28C8987DDB7B0BB49300F1481EAC509AA280CB745BC4CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ff44720a97be3d025628072e9f5c9fa45e56c88c95046db5a712c840b0678488
                                                                              • Instruction ID: 154873b7d9f70de35cb1d687f466e258481b402b8a8f416658504115801dd241
                                                                              • Opcode Fuzzy Hash: ff44720a97be3d025628072e9f5c9fa45e56c88c95046db5a712c840b0678488
                                                                              • Instruction Fuzzy Hash: 5C110974942228CFEB25DF24C859BE8F7B1FB0A305F5484E6C80962292C7354BC5CF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7d42fad288221ee526ce37ecc4a7d0f666039dca34aa6b52941403be18495a20
                                                                              • Instruction ID: 35fb3c5bc5f595c0c9f5427ae000ebdb0fe12beaa7ffdf2ca8875ac405433fd1
                                                                              • Opcode Fuzzy Hash: 7d42fad288221ee526ce37ecc4a7d0f666039dca34aa6b52941403be18495a20
                                                                              • Instruction Fuzzy Hash: C4F09075D1A244DFCB00CBA0D5495AEBF70EB4A201F2492E6D80563242D7741B06CBA1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 3a431b66b43014f1e5776f981f63bf6979b1b24ad0c1f626e91e7b99c498f258
                                                                              • Instruction ID: ebb9ac56e64396a2745bf72a84ce7d3f0f1e585557ca8fec0cf83f05791eaf12
                                                                              • Opcode Fuzzy Hash: 3a431b66b43014f1e5776f981f63bf6979b1b24ad0c1f626e91e7b99c498f258
                                                                              • Instruction Fuzzy Hash: 4E016D74A09259EFCB41DBA8C58088CFFF1FF09210B2585D6D844EB356D2349E46CB51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9acb8718097919a8cd8ec17dca4d6fad745cc8f50a3bc005c29bfc061e2166f2
                                                                              • Instruction ID: e6e25b79087ee9be26d07d5f5d0d379857c018f6b545f217b46bd4e6f2fa51c4
                                                                              • Opcode Fuzzy Hash: 9acb8718097919a8cd8ec17dca4d6fad745cc8f50a3bc005c29bfc061e2166f2
                                                                              • Instruction Fuzzy Hash: 6F017AB59002288FDB60CF68C880BE8B7B5BB08301F1485EAE61DA7281C774AAC5CF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5a72fe21ad7ca260cdfa0a97c6a81c611cb4804578fd598616c949cb3251b88c
                                                                              • Instruction ID: e6562e1652f6bc27dfae93a1ab8917c4c152bfb13092f7e78209c130cb567fc3
                                                                              • Opcode Fuzzy Hash: 5a72fe21ad7ca260cdfa0a97c6a81c611cb4804578fd598616c949cb3251b88c
                                                                              • Instruction Fuzzy Hash: DAF0BBF4805248DFCB91DFA5D4005ACBFB0EB56210F2481EFD88897392C1324B05DF50
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: daf59a1ef4d47a8ee156d7537edf75d187e7dc4b612eee0610cd9f1d75868e3f
                                                                              • Instruction ID: ca639c27688737a9e7785b0ccf3430b5c486468f1751220d440c2f2912ad037f
                                                                              • Opcode Fuzzy Hash: daf59a1ef4d47a8ee156d7537edf75d187e7dc4b612eee0610cd9f1d75868e3f
                                                                              • Instruction Fuzzy Hash: C0F096B49062489FCB81DFA9C40029CBFB0EB56214F2485FFC88897381C2329F05CF80
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274744005.0000000003060000.00000040.00000040.sdmp, Offset: 03060000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction ID: bf8be61771148593fd8d49fcde21491c987ca6a03e8e7fb0b3b4d49e7abb8080

                                                                              Non-executed Functions

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000A.00000002.274699886.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: *$,$M$V$c$d$r$s$w
                                                                              • API String ID: 0-114772015
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Executed Functions

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: a4bed266015f6010a38f047b8424bd2adbdf0b2d2905da15a0feceef12795ebc
                                                                              • Instruction ID: 8528a705563ead9ddfe18d2300603855c98c9b78692fe6cc0470a29d3d307910
                                                                              • Opcode Fuzzy Hash: a4bed266015f6010a38f047b8424bd2adbdf0b2d2905da15a0feceef12795ebc
                                                                              • Instruction Fuzzy Hash: 9412EC39A04226DFCB28DF3AE4906ADBBF2FF84314F108169D456EB259DB758841DF40
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: X1(r$X1(r$X1(r$X1(r
                                                                              • API String ID: 0-1974604117
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $g%r
                                                                              • API String ID: 0-359987751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0108AAB1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateMutexW.KERNELBASE(?,?), ref: 051C019D
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.291306404.00000000051C0000.00000040.00000001.sdmp, Offset: 051C0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateMutex
                                                                              • String ID:
                                                                              • API String ID: 1964310414-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,414A5DD9,00000000,00000000,00000000,00000000), ref: 0108ABB4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0108AFEA
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0108AAB1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateMutexW.KERNELBASE(?,?), ref: 051C019D
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.291306404.00000000051C0000.00000040.00000001.sdmp, Offset: 051C0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateMutex
                                                                              • String ID:
                                                                              • API String ID: 1964310414-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 051C0264
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.291306404.00000000051C0000.00000040.00000001.sdmp, Offset: 051C0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,414A5DD9,00000000,00000000,00000000,00000000), ref: 0108ABB4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0108A58A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0108B841
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 0108BBB9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 051C0550
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.291306404.00000000051C0000.00000040.00000001.sdmp, Offset: 051C0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DispatchMessageW.USER32(?), ref: 0108BE70
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DispatchMessage
                                                                              • String ID:
                                                                              • API String ID: 2061451462-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateIconFromResourceEx.USER32 ref: 0108B78A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateFromIconResource
                                                                              • String ID:
                                                                              • API String ID: 3668623891-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 0108BF0C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 0108BF0C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0108A58A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateIconFromResourceEx.USER32 ref: 0108B78A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateFromIconResource
                                                                              • String ID:
                                                                              • API String ID: 3668623891-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 051C0550
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.291306404.00000000051C0000.00000040.00000001.sdmp, Offset: 051C0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 051C0264
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.291306404.00000000051C0000.00000040.00000001.sdmp, Offset: 051C0000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0108AFEA
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 0108BBB9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 0108B841
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DispatchMessageW.USER32(?), ref: 0108BE70
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288416972.000000000108A000.00000040.00000001.sdmp, Offset: 0108A000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DispatchMessage
                                                                              • String ID:
                                                                              • API String ID: 2061451462-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: r*+
                                                                              • API String ID: 0-3221063712
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `5(r
                                                                              • API String ID: 0-3683955166
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID: 0-3916222277
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $g%r
                                                                              • API String ID: 0-359987751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $g%r
                                                                              • API String ID: 0-359987751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8bq
                                                                              • API String ID: 0-187764589
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8bq
                                                                              • API String ID: 0-187764589
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cece4f1451d18d9b589db5958d35fe3bb73f1ff0475cf813fed950045b13e657
                                                                              • Instruction ID: fdd706fd10aabf9e4652187ddf744ed7667a02ff972b3ed3e44be825d0787c81
                                                                              • Opcode Fuzzy Hash: cece4f1451d18d9b589db5958d35fe3bb73f1ff0475cf813fed950045b13e657
                                                                              • Instruction Fuzzy Hash: D1918031A00519DFCF19CF98D8849ADBBB2FF88310B158995E515AF22AC731EC52DF91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 6868fafd1c3ce177fe33975d1b6182f4b491ce4a36b3183116252defdc722375
                                                                              • Instruction ID: 2af49e7dd10e29a510133e73a7a194fa71fc61dfc78dbe1b4a2c0b28da43faaf
                                                                              • Opcode Fuzzy Hash: 6868fafd1c3ce177fe33975d1b6182f4b491ce4a36b3183116252defdc722375
                                                                              • Instruction Fuzzy Hash: 694182366242108FDB287B78E93C66D3BA2BF80311B1485A5F482C7269DF754C419F91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 02144c06d8e008a48137d867f78009bc47659883510e6c2ce9fc3e20877d6d27
                                                                              • Instruction ID: 7b08de314438964254d2e3190bba785e6dd27ee274844310ec4d4f89338395f8
                                                                              • Opcode Fuzzy Hash: 02144c06d8e008a48137d867f78009bc47659883510e6c2ce9fc3e20877d6d27
                                                                              • Instruction Fuzzy Hash: 4C41D731B041048FCB59DB28D4286AE77E7AFC5310F15806AE906EF3A9CEB69C06D7D1
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 492885b0260d949e15a7434c007cbe19eaa6ac11971d5e993e9f0467242f783c
                                                                              • Instruction ID: ff98f6ec30ec4d1df2362af35526b046ada1842c60b6fec220f9d225f92f66db
                                                                              • Opcode Fuzzy Hash: 492885b0260d949e15a7434c007cbe19eaa6ac11971d5e993e9f0467242f783c
                                                                              • Instruction Fuzzy Hash: 5D414C70A002058FDF58CB68D568BAE7BB7BF88310F148469D506AB394DA71AC41EB91
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288846463.0000000002AA0000.00000040.00000040.sdmp, Offset: 02AA0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2dab509108ec46989a99aef5e30300aa00c35e12bd6c2f63fb1cd92d0b6b5653
                                                                              • Instruction ID: 911fb263fb7961f41b57f27d02929cf4b2ef71b37099cae59fb09a7cbf95efda
                                                                              • Opcode Fuzzy Hash: 2dab509108ec46989a99aef5e30300aa00c35e12bd6c2f63fb1cd92d0b6b5653
                                                                              • Instruction Fuzzy Hash: FA31CE3550A3809FD703CB20D890B55BFB0EF96214F19C5EED8888F653D73A980ACB92
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5a077ef5662cfe83fb52c6ce4b49143d325557d26d1a3648cfb52e5b4c0a1086
                                                                              • Instruction ID: d36fc6883fa10f055923427c342328fd58c1011e7fa4bb16ea840f1ec9ed84e7
                                                                              • Opcode Fuzzy Hash: 5a077ef5662cfe83fb52c6ce4b49143d325557d26d1a3648cfb52e5b4c0a1086
                                                                              • Instruction Fuzzy Hash: 36314C7050D386CFCB06EB74D8745593FF2FF86204B09899AE4C2CB16AEA798845DB53
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: de112abc7bac601774857fc0cd324e68cafef950bfb6984174295d7b7b2e3a97
                                                                              • Instruction ID: aa9ede53ecba6a253cef1ea6890f91a6f643c5a526cab6f8bb6643443137b8da
                                                                              • Opcode Fuzzy Hash: de112abc7bac601774857fc0cd324e68cafef950bfb6984174295d7b7b2e3a97
                                                                              • Instruction Fuzzy Hash: 9D2106B8609247EFCB1CCB24A48493DBBF6BF85214B1441A6E496CB259C7219C04D7D2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 74975f7753257604f8c3607b15a6d8d6892dc1acc947290b5c080432266d9b79
                                                                              • Instruction ID: 349d388f6efd0f750e84da838f30f150e70933d4a1fda504d23fd09a752bdccf
                                                                              • Opcode Fuzzy Hash: 74975f7753257604f8c3607b15a6d8d6892dc1acc947290b5c080432266d9b79
                                                                              • Instruction Fuzzy Hash: 2F314C74D0820AFFDF98DBA8D1506BDBBF2FF45300F10409AC4429B2A9D6359A45DB52
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 282c1599d4aaae7142c28fdebcf53a9bd0f6ea1856c8de7206f92039c3d15240
                                                                              • Instruction ID: 99befefa1bffa47d7aff88ed049e134565e5ac5549a3eb10933eac7aba2b6c4e
                                                                              • Opcode Fuzzy Hash: 282c1599d4aaae7142c28fdebcf53a9bd0f6ea1856c8de7206f92039c3d15240
                                                                              • Instruction Fuzzy Hash: 1431AA75A0428ACFCBA4DF66E45065EFBF2BF85314F20C269C044AF219CBB89449DF41
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: cf9ef5a6617d4c817e8188758e4ff21aff1509d501c11bc960cce9153bd205e2
                                                                              • Instruction ID: 85ddf100eb0a0e4cfc65225dfcee31ea43854d60ee499480382d7d4c60d2a46d
                                                                              • Opcode Fuzzy Hash: cf9ef5a6617d4c817e8188758e4ff21aff1509d501c11bc960cce9153bd205e2
                                                                              • Instruction Fuzzy Hash: B511E171A0421A8BCF2CEBB4E8141BFBAABBF95340F51813A954797248DE75880197A2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288846463.0000000002AA0000.00000040.00000040.sdmp, Offset: 02AA0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: e0a66877cc92204685426df258931ac69da1616c97683ba201be5fa31743e304
                                                                              • Instruction ID: 81c7fc0c2f52ff662db7f261c608e064a44449d3dc1b587c773911cb8c7cc316
                                                                              • Opcode Fuzzy Hash: e0a66877cc92204685426df258931ac69da1616c97683ba201be5fa31743e304
                                                                              • Instruction Fuzzy Hash: 02112634204384DFE705CB64C890B26BBA5EF8C708F24C9ACE9491B742CB7BD803CA95
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 063ca97757b00cfb7943c77952e8ab12fb13f47d1b99025931ca3924812e27f3
                                                                              • Instruction ID: fdcc0f2002926435ffe1b086fc3c22b8619f3f2334862ac59e0a08dff1f74a90
                                                                              • Opcode Fuzzy Hash: 063ca97757b00cfb7943c77952e8ab12fb13f47d1b99025931ca3924812e27f3
                                                                              • Instruction Fuzzy Hash: 2D118230308291CFCB09EB28D06496DBFF6AFC620071541EBD442CF66ACB655C09D752
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288846463.0000000002AA0000.00000040.00000040.sdmp, Offset: 02AA0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 890f87235881d485b154c9bfb43a85beedad58731a9827165f2ada624b49f2f1
                                                                              • Instruction ID: 271beba00b5bee7938bac084953f363b6cfa049dd0dcb9581f96c4b1b92a8cd9
                                                                              • Opcode Fuzzy Hash: 890f87235881d485b154c9bfb43a85beedad58731a9827165f2ada624b49f2f1
                                                                              • Instruction Fuzzy Hash: 89F0A9B65097806FD7128F16DC45862FFB8DF86630709C49FEC498B652D225A809CBB2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 7a5f3e770b14ad66c73e71357e3b7ffdb64723cd7ad6c3d36617688671072873
                                                                              • Instruction ID: a9ef158d9d8582e6e775aa7542de4a7e935e3ef02aeb6d3bb19fd1f597c71691
                                                                              • Opcode Fuzzy Hash: 7a5f3e770b14ad66c73e71357e3b7ffdb64723cd7ad6c3d36617688671072873
                                                                              • Instruction Fuzzy Hash: 74011D31314115CBCA48F72DE15896DB7EBAFC5700B2441AAE406CB6A9CFB59C19DB82
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 0ff432f86db8a8bc90c56d12b3deab03796d3ef534ac9de3c60dcc9b719356e2
                                                                              • Instruction ID: cc60e19957a680467e69b77fcbbffdd3ce19d74bc9b9a7ad64b82f80977a449e
                                                                              • Opcode Fuzzy Hash: 0ff432f86db8a8bc90c56d12b3deab03796d3ef534ac9de3c60dcc9b719356e2
                                                                              • Instruction Fuzzy Hash: C0F02B31A093845ACF299B74B8150FF7FA9BA933A070441AFD4828714DD67700035751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8f4ce29d78df18900c4665e6d1fdc0dc80c325af48122dce2fb0208839485fd0
                                                                              • Instruction ID: d450c5f3fcc1bd70a86037a4e826f11d91c2f64c472d3e63aebebbf868e4b317
                                                                              • Opcode Fuzzy Hash: 8f4ce29d78df18900c4665e6d1fdc0dc80c325af48122dce2fb0208839485fd0
                                                                              • Instruction Fuzzy Hash: 3EE02B32E292189BDF5896F8BC281AFBBAAE7C5650F0044779E07E330CD974580666D2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c320a51548ad339acbc1378bfd9da8fdffdb1970453cc9a66122168bfe83c23c
                                                                              • Instruction ID: 30a692ee027178693ecf28060881ecc3b92133c7e559b8c49a2a0ede84ab5d43
                                                                              • Opcode Fuzzy Hash: c320a51548ad339acbc1378bfd9da8fdffdb1970453cc9a66122168bfe83c23c
                                                                              • Instruction Fuzzy Hash: 96F05872B08128CFCF14EA99E4805EDBBB2FBC0310B204A56D515EB24DDB70A9429B82
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288846463.0000000002AA0000.00000040.00000040.sdmp, Offset: 02AA0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction ID: a6cb44152cff8ef13d6364a2b05363d2cbe0c0707fd5a941b0606d5da2e3d564
                                                                              • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction Fuzzy Hash: 2DF03135104645DFC706CF40D980B15FBA2FB89718F24C6ADE9490B752C737D813DA81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 93675a34b0d751bdb10fc5aec3b1f4c49c2953751069577fb77e505295e054bd
                                                                              • Instruction ID: b77daed7978eda6a1ea5f3da4d284d2d36eae4b1a0a2c31ced7505aa67b99fd1
                                                                              • Opcode Fuzzy Hash: 93675a34b0d751bdb10fc5aec3b1f4c49c2953751069577fb77e505295e054bd
                                                                              • Instruction Fuzzy Hash: A4F0EC30D252148FDF68CFB8A82D2BF7BA6AB85350F0144378D076720DDD7458129782
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288846463.0000000002AA0000.00000040.00000040.sdmp, Offset: 02AA0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: c9e0f09cd6c6620ceb177a013e32244b243328df24d8bfd48cce4f4b840a7f96
                                                                              • Instruction ID: c74795a76c81382c5bb1b645c872287529980fcfea3dee82c79be97db5d2845e
                                                                              • Opcode Fuzzy Hash: c9e0f09cd6c6620ceb177a013e32244b243328df24d8bfd48cce4f4b840a7f96
                                                                              • Instruction Fuzzy Hash: C8E06DB66006004B9650CF0AEC81452F7D8EB84630718C46BDC0D8B701E236B5058FA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 45489c07c7a82ed96f0920b77fade27bb87a83329f04d16b6df5c5feb027f37c
                                                                              • Instruction ID: 720b3e32e46f4899b244428e256678dd59df1e3c31ed788f16d09b89ab46b77d
                                                                              • Opcode Fuzzy Hash: 45489c07c7a82ed96f0920b77fade27bb87a83329f04d16b6df5c5feb027f37c
                                                                              • Instruction Fuzzy Hash: C4D0123804FA85AFD61A9668682677C3F659B4B605F0805D294C68D4BAD05114139752
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288409908.0000000001082000.00000040.00000001.sdmp, Offset: 01082000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.288409908.0000000001082000.00000040.00000001.sdmp, Offset: 01082000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000B.00000002.290480993.0000000005090000.00000040.00000001.sdmp, Offset: 05090000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions

                                                                              Executed Functions

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: X1(r$X1(r$X1(r$X1(r
                                                                              • API String ID: 0-1974604117
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: Zq^$Yq^
                                                                              • API String ID: 0-2195490495
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $g%r
                                                                              • API String ID: 0-359987751
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateMutexW.KERNELBASE(?,?), ref: 04E0019D
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.290436184.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateMutex
                                                                              • String ID:
                                                                              • API String ID: 1964310414-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,661E5912,00000000,00000000,00000000,00000000), ref: 00CCABB4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00CCAAB1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 00CCAFEA
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00CCAAB1
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Open
                                                                              • String ID:
                                                                              • API String ID: 71445658-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateMutexW.KERNELBASE(?,?), ref: 04E0019D
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.290436184.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateMutex
                                                                              • String ID:
                                                                              • API String ID: 1964310414-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 04E00264
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.290436184.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • RegQueryValueExW.KERNELBASE(?,00000E2C,661E5912,00000000,00000000,00000000,00000000), ref: 00CCABB4
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: QueryValue
                                                                              • String ID:
                                                                              • API String ID: 3660427363-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 00CCB841
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CCA58A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 00CCBBB9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 04E00550
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.290436184.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DispatchMessageW.USER32(?), ref: 00CCBE70
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DispatchMessage
                                                                              • String ID:
                                                                              • API String ID: 2061451462-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateIconFromResourceEx.USER32 ref: 00CCB78A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateFromIconResource
                                                                              • String ID:
                                                                              • API String ID: 3668623891-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 00CCBF0C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,?,?), ref: 00CCA926
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetCurrentDirectoryW.KERNELBASE(?), ref: 00CCBF0C
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CurrentDirectory
                                                                              • String ID:
                                                                              • API String ID: 1611563598-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CCA58A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DuplicateHandle
                                                                              • String ID:
                                                                              • API String ID: 3793708945-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • CreateIconFromResourceEx.USER32 ref: 00CCB78A
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: CreateFromIconResource
                                                                              • String ID:
                                                                              • API String ID: 3668623891-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 04E00264
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.290436184.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • FindCloseChangeNotification.KERNELBASE(?), ref: 04E00550
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.290436184.0000000004E00000.00000040.00000001.sdmp, Offset: 04E00000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ChangeCloseFindNotification
                                                                              • String ID:
                                                                              • API String ID: 2591292051-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 00CCAFEA
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: ConsoleCtrlHandler
                                                                              • String ID:
                                                                              • API String ID: 1513847179-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 00CCBBB9
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: Initialize
                                                                              • String ID:
                                                                              • API String ID: 2538663250-0
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • PostMessageW.USER32(?,?,?,?), ref: 00CCB841
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: MessagePost
                                                                              • String ID:
                                                                              • API String ID: 410705778-0
                                                                              • Opcode ID: 9afcf29d0eb2b1f3a0853b5dff38c1fb67244164f2ca05fdc41b94f4de8e90d1
                                                                              • Instruction ID: 1c481cf60d513c889c0e148f52562e03ee1dea7be27fbed9cff4d34e2c40169b
                                                                              • Opcode Fuzzy Hash: 9afcf29d0eb2b1f3a0853b5dff38c1fb67244164f2ca05fdc41b94f4de8e90d1
                                                                              • Instruction Fuzzy Hash: 7801A271400644DFDB208F56D985B65FFA4EF04720F18C09EDD590B262D375E918DFA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • SetWindowLongW.USER32(?,?,?), ref: 00CCA926
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: LongWindow
                                                                              • String ID:
                                                                              • API String ID: 1378638983-0
                                                                              • Opcode ID: 202b7063c126e154f5c2615ad3e70a983dac07dfd2bc15c0623a271c8c567bb2
                                                                              • Instruction ID: 9e6767af872a93b37b4918eb7c1762db201ec86adfee6f214784901502f603c1
                                                                              • Opcode Fuzzy Hash: 202b7063c126e154f5c2615ad3e70a983dac07dfd2bc15c0623a271c8c567bb2
                                                                              • Instruction Fuzzy Hash: 6D01D1714006088FDB208F06D88AB61FFA4EF05324F18C0AEDD8A0B652C275E908DF73
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              APIs
                                                                              • DispatchMessageW.USER32(?), ref: 00CCBE70
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288470046.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                                                              Similarity
                                                                              • API ID: DispatchMessage
                                                                              • String ID:
                                                                              • API String ID: 2061451462-0
                                                                              • Opcode ID: d9543430a50f6527c7e831aaf6a2872899beb339c7039fa7682e4e7534cee2d1
                                                                              • Instruction ID: 9d19212a96e6823127155b7e2f18dd43dbbbc55a1d6f5deeb2a46bf45e0bf723
                                                                              • Opcode Fuzzy Hash: d9543430a50f6527c7e831aaf6a2872899beb339c7039fa7682e4e7534cee2d1
                                                                              • Instruction Fuzzy Hash: 0BF0FF708006448FDB208F06D885BA1FFA0EF04720F18C0AEDE480B252C375E908CAA2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: r*+
                                                                              • API String ID: 0-3221063712
                                                                              • Opcode ID: 1c0521e602f2e5a522e96092928b493afaf426ed77244fbf8c3d95317ad972d4
                                                                              • Instruction ID: 1cc53bff7039b5ef9b0e20413a6aac5019b061911e71b9e2a463015ce7d8b1da
                                                                              • Opcode Fuzzy Hash: 1c0521e602f2e5a522e96092928b493afaf426ed77244fbf8c3d95317ad972d4
                                                                              • Instruction Fuzzy Hash: 29715230E49289DFCB44EFA9C5456BEBBB1FF45301F21806AD902E7296DB309D41CB52
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: `5(r
                                                                              • API String ID: 0-3683955166
                                                                              • Opcode ID: 0b9119827eda87f63673794aaafe129ef67be34a606adcc302d14f29c7b9b226
                                                                              • Instruction ID: f0cca39591f36eee4b3ae208f55b432b2190aad532a705bf4293d7130a8872cd
                                                                              • Opcode Fuzzy Hash: 0b9119827eda87f63673794aaafe129ef67be34a606adcc302d14f29c7b9b226
                                                                              • Instruction Fuzzy Hash: 96518170B452058FDB08EF68C564B6E7BF2EF89310F1481AED50AAB765DB31AC09CB51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: $g%r
                                                                              • API String ID: 0-359987751
                                                                              • Opcode ID: d3d89021d34789be90b0397d640399e60738ac8e09b61b1ecb8c6aaab34ac148
                                                                              • Instruction ID: 43f4334218614fd2d2fa66af4b581a033bae79652eef93849f6887fd967dc357
                                                                              • Opcode Fuzzy Hash: d3d89021d34789be90b0397d640399e60738ac8e09b61b1ecb8c6aaab34ac148
                                                                              • Instruction Fuzzy Hash: A2510034A01219CFDB14EF68C994B9CBBB2BF48304F5044E9D40AAB76ACB35AD85CF51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8bq
                                                                              • API String ID: 0-187764589
                                                                              • Opcode ID: 98f497bc1101e03da40e538095e48c48ea147a65528d7b8d2f051681baa4bfe2
                                                                              • Instruction ID: bd485dc54fca319f9c55746141a93fe5ea42124ac7975cad3a3f54c4d77f2c7d
                                                                              • Opcode Fuzzy Hash: 98f497bc1101e03da40e538095e48c48ea147a65528d7b8d2f051681baa4bfe2
                                                                              • Instruction Fuzzy Hash: D0F090307005254FCA09367DA4126BF52CFABC8651768442EF10AE7384CD75AC4253E6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Strings
                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID: 8bq
                                                                              • API String ID: 0-187764589
                                                                              • Opcode ID: d383901f55feb86c759317e0e50f222b03cbb8511b287c7356b16b866f228d9a
                                                                              • Instruction ID: 28011462f68c82463f282b4c0e50aaa2a76b4bab4eb76227c42608b0bf603e65
                                                                              • Opcode Fuzzy Hash: d383901f55feb86c759317e0e50f222b03cbb8511b287c7356b16b866f228d9a
                                                                              • Instruction Fuzzy Hash: F5F02E307000300FCA09363CA412ABF02CBABC8700B28442FF10AEB388CDB69C0393E6
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%


                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 9e40b8f80de86533935277ecd068dee4023aeae874a4c8defe924521f57fde70
                                                                              • Instruction ID: 9f04ee79d8ab56c33350a77b4117eb7d76e00752fd6dcbfeb4e4a5ab0b929d19
                                                                              • Opcode Fuzzy Hash: 9e40b8f80de86533935277ecd068dee4023aeae874a4c8defe924521f57fde70
                                                                              • Instruction Fuzzy Hash: 94F0B431311100DFC7009B28D898BA97BE2EFC4315F2484A9E44ACB776CF319C09CB51
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5e561b63a3de74bb52bf4366ae9f39e71b5cb844f2bd8a0d62e12c0ac9ca1b42
                                                                              • Instruction ID: 6c735bed55f6cbe98f332a0e9fb275ac9c225e2413d849b60dedfbbe70356808
                                                                              • Opcode Fuzzy Hash: 5e561b63a3de74bb52bf4366ae9f39e71b5cb844f2bd8a0d62e12c0ac9ca1b42
                                                                              • Instruction Fuzzy Hash: 3FE0E532A992189ADB1066F89C001AFBBA9D795250F0045779907B3200DA70580982D2
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288898953.00000000027A0000.00000040.00000040.sdmp, Offset: 027A0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction ID: 3dfc62413729ce9b9a06506a74f55bcd20495a761157a39968a56a906080ae1b
                                                                              • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                              • Instruction Fuzzy Hash: F1F0FB35104645DFC606CF00D940B15FBA2FB89718F24CAA9E9491B652C337A813DA81
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288898953.00000000027A0000.00000040.00000040.sdmp, Offset: 027A0000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 08c96137735675aa2ffcdae3484b0f95628892dbbfb85e34ce5fe1e1d8439e2c
                                                                              • Instruction ID: 4240efa262be87df116afd2758df161d3348ff601b9801d634df96f349c79e81
                                                                              • Opcode Fuzzy Hash: 08c96137735675aa2ffcdae3484b0f95628892dbbfb85e34ce5fe1e1d8439e2c
                                                                              • Instruction Fuzzy Hash: 24E06DB66006004B9650DF0AEC81452F7D8EB84730718C46FDC0D8B711D136F5048EA5
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f4dbdfcf7f3aada088f6e24a73aa60a8b69270af19569bd989e24159638abbb9
                                                                              • Instruction ID: 4c21571c10512421845937c8ef0b8e25da78d89726cb00bc250570cce6831383
                                                                              • Opcode Fuzzy Hash: f4dbdfcf7f3aada088f6e24a73aa60a8b69270af19569bd989e24159638abbb9
                                                                              • Instruction Fuzzy Hash: 71D0A771A49610CBC250A748F9599B77BF1FF9C3203108D1FE087A7644DBA07C06C742
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288453493.0000000000CC2000.00000040.00000001.sdmp, Offset: 00CC2000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5b5dc74eef127de78a3b5ec0f6d1aee216d919340e10386f0b6e5931e18fc538
                                                                              • Instruction ID: 517c7f99b20fcfa6f99e88a2bec53d88b8cb6db90ef7198497db55f076fff37a
                                                                              • Opcode Fuzzy Hash: 5b5dc74eef127de78a3b5ec0f6d1aee216d919340e10386f0b6e5931e18fc538
                                                                              • Instruction Fuzzy Hash: B7D05E79205A814FD32ACA1CC1A8F953BA4EF51B04F4644FDE800CB663C368DA81E200
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288453493.0000000000CC2000.00000040.00000001.sdmp, Offset: 00CC2000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: f3d8b73849cdfa5149bfcaf487f930743381bb877c111827e18a556e569d2098
                                                                              • Instruction ID: bbd8a60dc33700e15989333c9a447f4f079ab8271729c3f74d9199883210c413
                                                                              • Opcode Fuzzy Hash: f3d8b73849cdfa5149bfcaf487f930743381bb877c111827e18a556e569d2098
                                                                              • Instruction Fuzzy Hash: 3BD05E343012814BC715DB1CC194F5937D8AB41B00F0A44ECEC108B272C3A8ED81C600
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 4afe3ad4449afd940c12b2543f43c8464cd8880cf69394b1e10a45f02171e6a0
                                                                              • Instruction ID: c999e29a5b72681fb2ed65694cba270afe0460cc1e78548d1e4430f6602c7743
                                                                              • Opcode Fuzzy Hash: 4afe3ad4449afd940c12b2543f43c8464cd8880cf69394b1e10a45f02171e6a0
                                                                              • Instruction Fuzzy Hash: F5D01234246304CFCB196B70F45951C7B61AF49209310097EF807C7B60EB77C481CE00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 65c3d8d779299bf1a311c9f7e3f720f9ce908ce9d2e5f59c12a4613e076ae807
                                                                              • Instruction ID: 0d6888f108364755e1889537c8bcd22e3033bee06c752deece47413c9b408ce7
                                                                              • Opcode Fuzzy Hash: 65c3d8d779299bf1a311c9f7e3f720f9ce908ce9d2e5f59c12a4613e076ae807
                                                                              • Instruction Fuzzy Hash: 8AD01230202308CFCB082B74F41962C73AAAB8820A300087EF80787B60EF36E881CA00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 5149e0427aca6f4dcde5f02bc15bf3383e9061e1031f435609503f74b48a454a
                                                                              • Instruction ID: fc08f438b565d381ebc549f4a210890de70db88a06f5993e1679a2573b9d0e7c
                                                                              • Opcode Fuzzy Hash: 5149e0427aca6f4dcde5f02bc15bf3383e9061e1031f435609503f74b48a454a
                                                                              • Instruction Fuzzy Hash: 01C04C351CD1C4F9D65422566C29FB92F10971C707F140587A90B794A771914100C522
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: ecc8c1e5191b07f2c88cd6cf0f61cdb64517ba1ee5aa7fc2630ab399b465813f
                                                                              • Instruction ID: b23411d6bae6f53593aec568bcf4675cf6fabd5297f8e7266878e559a7fad0e3
                                                                              • Opcode Fuzzy Hash: ecc8c1e5191b07f2c88cd6cf0f61cdb64517ba1ee5aa7fc2630ab399b465813f
                                                                              • Instruction Fuzzy Hash: 89B092322942491BEB50A7B9784CBAA738C878061AF4800A2B80CC5901E666E4E02144
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 8cc9d86be16824199966c86aa546954d25e020483e55f88521a430aae819931b
                                                                              • Instruction ID: 6bcf5892af2e4ede2e2d3cebb63ed74fefde1e46c24e9daff2b163bab86dabdd
                                                                              • Opcode Fuzzy Hash: 8cc9d86be16824199966c86aa546954d25e020483e55f88521a430aae819931b
                                                                              • Instruction Fuzzy Hash: D9C02B701CA368CEC20437702D0953D73185AC0300300C93394112012089327461C821
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Memory Dump Source
                                                                              • Source File: 0000000C.00000002.288873920.0000000002780000.00000040.00000001.sdmp, Offset: 02780000, based on PE: false
                                                                              Similarity
                                                                              • API ID:
                                                                              • String ID:
                                                                              • API String ID:
                                                                              • Opcode ID: 2c9d8f5ed0ea20f33b9d120e8bbb501fc7128775ddb41141d65860504d083e21
                                                                              • Instruction ID: 223050c61c0154d92e3e26a8363ad9ef74514b312b6bf7b7c9addb632df627db
                                                                              • Opcode Fuzzy Hash: 2c9d8f5ed0ea20f33b9d120e8bbb501fc7128775ddb41141d65860504d083e21
                                                                              • Instruction Fuzzy Hash: 8DB0123928D2C53E5F1097B52C8CFDE7F94894004631801AEDC0AC0412E271C0906A00
                                                                              Uniqueness

                                                                              Uniqueness Score: -1.00%

                                                                              Non-executed Functions