Analysis Report YoWPu2BQzA9FeDd.exe

Overview

General Information

Sample Name: YoWPu2BQzA9FeDd.exe
Analysis ID: 357125
MD5: d89532eebd77f5bcf86552e5178eb695
SHA1: 2905b1b7c9757266077d4c79a81cf410188aa9ee
SHA256: 619c9abd4165537a7e53c57f2c0a2ab9597c35f53a4bb0b9cdff82814ddd73cd

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM_3
Yara detected Nanocore RAT
.NET source code contains potential unpacker
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • YoWPu2BQzA9FeDd.exe (PID: 4828 cmdline: 'C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe' MD5: D89532EEBD77F5BCF86552E5178EB695)
    • schtasks.exe (PID: 780 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 3728 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RegSvcs.exe (PID: 4544 cmdline: {path} MD5: 71369277D09DA0830C8C59F9E22BB23A)
      • schtasks.exe (PID: 372 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp525A.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 6284 cmdline: 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5614.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 6316 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • RegSvcs.exe (PID: 6508 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe 0 MD5: 71369277D09DA0830C8C59F9E22BB23A)
    • conhost.exe (PID: 6520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 6532 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0 MD5: 71369277D09DA0830C8C59F9E22BB23A)
    • conhost.exe (PID: 6548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dhcpmon.exe (PID: 6684 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 71369277D09DA0830C8C59F9E22BB23A)
    • conhost.exe (PID: 6692 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "572eb7a9-aedf-4b39-8669-f7563dab8a38", "Group": "GREAT", "Domain1": "strongodss.ddns.net", "Domain2": "79.134.225.43", "Port": 58103, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Enable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Enable", "SetCriticalProcess": "Enable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Enable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8009, "BufferSize": "02000100", "MaxPacketSize": "", "GCThreshold": "", "BypassUserAccountControlData": "<?xml version=\"1.0\" encoding=\"UTF-16\"?>\r\n<Task version=\"1.2\" xmlns=\"http://schemas.microsoft.com/windows/2004/02/mit/task\">\r\n  <RegistrationInfo />\r\n  <Triggers />\r\n  <Principals>\r\n    <Principal id=\"Author\">\r\n      <LogonType>InteractiveToken</LogonType>\r\n      <RunLevel>HighestAvailable</RunLevel>\r\n    </Principal>\r\n  </Principals>\r\n  <Settings>\r\n    <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>\r\n    <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>\r\n    <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>\r\n    <AllowHardTerminate>true</AllowHardTerminate>\r\n    <StartWhenAvailable>false</StartWhenAvailable>\r\n    <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>\r\n    <IdleSettings>\r\n      <StopOnIdleEnd>false</StopOnIdleEnd>\r\n      <RestartOnIdle>false</RestartOnIdle>\r\n    </IdleSettings>\r\n    <AllowStartOnDemand>true</AllowStartOnDemand>\r\n    <Enabled>true</Enabled>\r\n    <Hidden>false</Hidden>\r\n    <RunOnlyIfIdle>false</RunOnlyIfIdle>\r\n    <WakeToRun>false</WakeToRun>\r\n    <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>\r\n    <Priority>4</Priority>\r\n  </Settings>\r\n  <Actions Context=\"Author\">\r\n    <Exec>\r\n      
<Command>\"#EXECUTABLEPATH\"</Command>\r\n      <Arguments>$(Arg0)</Arguments>\r\n    </Exec>\r\n  </Actions>\r\n</Task"}

Yara Overview

Memory Dumps

Source: 00000008.00000002.506475973.00000000056F0000.00000004.00000001.sdmp, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0xe75:$x1: NanoCore.ClientPluginHost
  • 0xe8f:$x2: IClientNetworkHost
Source: 00000008.00000002.506475973.00000000056F0000.00000004.00000001.sdmp, Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Author: Florian Roth
  • 0xe75:$x2: NanoCore.ClientPluginHost
  • 0x1261:$s3: PipeExists
  • 0x1136:$s4: PipeCreated
  • 0xeb0:$s5: IClientLoggingHost
Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0x21957d:$x1: NanoCore.ClientPluginHost
  • 0x24db8d:$x1: NanoCore.ClientPluginHost
  • 0x2195ba:$x2: IClientNetworkHost
  • 0x24dbca:$x2: IClientNetworkHost
  • 0x21d0ed:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x2516fd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Author: Joe Security
Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, Rule: NanoCore, Description: unknown, Author: Kevin Breen <kevin@techanarchy.net>

Unpacked PEs

Source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0x10643d:$x1: NanoCore.ClientPluginHost
  • 0x13aa4d:$x1: NanoCore.ClientPluginHost
  • 0x10647a:$x2: IClientNetworkHost
  • 0x13aa8a:$x2: IClientNetworkHost
  • 0x109fad:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0x13e5bd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Author: Joe Security
Source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, Rule: NanoCore, Description: unknown, Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth
  • 0xada2d:$x1: NanoCore.ClientPluginHost
  • 0xe203d:$x1: NanoCore.ClientPluginHost
  • 0xada6a:$x2: IClientNetworkHost
  • 0xe207a:$x2: IClientNetworkHost
  • 0xb159d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
  • 0xe5bad:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Author: Joe Security

Sigma Overview

System Summary:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, ProcessId: 4544, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
Sigma detected: Scheduled temp file as task from temp location
Source: Process started, Author: Joe Security, Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe' , ParentImage: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe, ParentProcessId: 4828, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp', ProcessId: 780

Signature Overview

AV Detection:

Found malware configuration
Source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore (same configuration as shown under "Malware Configuration" above)
Multi AV Scanner detection for domain / URL
Source: strongodss.ddns.net, Virustotal: Detection: 8%
Yara detected Nanocore RAT
Source: Yara match, File source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: RegSvcs.exe PID: 4544, type: MEMORY
Source: Yara match, File source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.5990000.11.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.3e03adb.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.3e09511.4.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.3e09511.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.5990000.11.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.5994629.10.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.RegSvcs.exe.3dfec9e.5.raw.unpack, type: UNPACKEDPE
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Roaming\jVzJHCyF.exe, Joe Sandbox ML: detected
Machine Learning detection for sample
Source: YoWPu2BQzA9FeDd.exe, Joe Sandbox ML: detected
Source: 8.2.RegSvcs.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 8.2.RegSvcs.exe.5990000.11.unpack, Avira: Label: TR/NanoCore.fadte

Compliance:

Uses 32bit PE files
Source: YoWPu2BQzA9FeDd.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Uses new MSVCR Dlls
Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: YoWPu2BQzA9FeDd.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: RegSvcs.exe, 00000008.00000002.504378217.0000000002DB1000.00000004.00000001.sdmp
Source: Binary string: System.EnterpriseServices.Wrapper.pdb source: RegSvcs.exe, 00000012.00000002.294221067.0000000005370000.00000002.00000001.sdmp, dhcpmon.exe, 00000016.00000002.312664300.0000000004DE0000.00000002.00000001.sdmp
Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
Source: Binary string: indows\RegSvcs.pdbpdbvcs.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
Source: Binary string: C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
Source: Binary string: RegSvcs.pdb source: dhcpmon.exe, dhcpmon.exe.8.dr
Source: Binary string: mscorrc.pdb source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.288606066.0000000007BB0000.00000002.00000001.sdmp, RegSvcs.exe, 00000008.00000002.506428080.0000000005690000.00000002.00000001.sdmp, RegSvcs.exe, 00000012.00000002.294302688.0000000005410000.00000002.00000001.sdmp, dhcpmon.exe, 00000014.00000002.294800366.00000000051B0000.00000002.00000001.sdmp
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, Code function: 4x nop then mov esp, ebp 8_2_02948918

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: 79.134.225.43
Source: Malware configuration extractor, URLs: strongodss.ddns.net
Connects to many ports of the same IP (likely port scanning)
Source: global traffic, TCP traffic: 79.134.225.43 ports 0,1,3,58103,5,8
Source: global traffic, TCP traffic: 87.237.165.78 ports 0,1,3,58103,5,8
Uses dynamic DNS services
Source: unknown, DNS query: name: strongodss.ddns.net
Source: global traffic, TCP traffic: 192.168.2.5:49721 -> 87.237.165.78:58103
Source: global traffic, TCP traffic: 192.168.2.5:49726 -> 79.134.225.43:58103
Source: Joe Sandbox View, IP Address: 79.134.225.43
Source: Joe Sandbox View, ASN Name: FINK-TELECOM-SERVICESCH
Source: unknown, TCP traffic detected without corresponding DNS query: 79.134.225.43
Source: unknown, DNS traffic detected: queries for: strongodss.ddns.net
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.279434779.00000000008D9000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
        Source: RegSvcs.exe, 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmpBinary or memory string: RegisterRawInputDevices

        E-Banking Fraud:

        Yara detected Nanocore RAT
        Source: Yara matchFile source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4544, type: MEMORY
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.5990000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3e03adb.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3e09511.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3e09511.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.5990000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.5994629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3dfec9e.5.raw.unpack, type: UNPACKEDPE

        Operating System Destruction:

        Protects its processes via BreakOnTermination flag
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: 01 00 00 00

        System Summary:

        Malicious sample detected (through community Yara rule)
        Source: 00000008.00000002.506475973.00000000056F0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 00000008.00000002.506530348.0000000005840000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: RegSvcs.exe PID: 4544, type: MEMORYMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: Process Memory Space: RegSvcs.exe PID: 4544, type: MEMORYMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 8.2.RegSvcs.exe.2dc14b4.2.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.2dc14b4.2.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.3dfec9e.5.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.5990000.11.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.56f0000.8.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.3e03adb.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.3e03adb.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 8.2.RegSvcs.exe.3e09511.4.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.2dc6330.1.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: 8.2.RegSvcs.exe.3e09511.4.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.5990000.11.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.5840000.9.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.5994629.10.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.3dfec9e.5.raw.unpack, type: UNPACKEDPEMatched rule: Detetcs the Nanocore RAT Author: Florian Roth
        Source: 8.2.RegSvcs.exe.3dfec9e.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF1572 NtSetInformationProcess,8_2_04EF1572
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF1836 NtQuerySystemInformation,8_2_04EF1836
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF17FB NtQuerySystemInformation,8_2_04EF17FB
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF1541 NtSetInformationProcess,8_2_04EF1541
        Source: YoWPu2BQzA9FeDd.exeBinary or memory string: OriginalFilename vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.288850141.0000000008200000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.284140191.0000000004A50000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBunifu.UI.dll4 vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280366321.000000000286A000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAssemblyReferenceEntry.exeD vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.279434779.00000000008D9000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.289207724.00000000082F0000.00000002.00000001.sdmpBinary or memory string: originalfilename vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.289207724.00000000082F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.288606066.0000000007BB0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exeBinary or memory string: OriginalFilename vs YoWPu2BQzA9FeDd.exe
        Source: YoWPu2BQzA9FeDd.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
        Source: YoWPu2BQzA9FeDd.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: jVzJHCyF.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
        Source: classification engineClassification label: mal100.troj.evad.winEXE@18/13@11/2
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF13F6 AdjustTokenPrivileges,8_2_04EF13F6
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF13BF AdjustTokenPrivileges,8_2_04EF13BF
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeFile created: C:\Program Files (x86)\DHCP MonitorJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile created: C:\Users\user\AppData\Roaming\jVzJHCyF.exeJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeMutant created: \Sessions\1\BaseNamedObjects\jgGlHw
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6316:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3728:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6548:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6172:120:WilError_01
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6520:120:WilError_01
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6692:120:WilError_01
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{572eb7a9-aedf-4b39-8669-f7563dab8a38}
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile created: C:\Users\user\AppData\Local\Temp\tmpA75F.tmpJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dllJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile read: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeJump to behavior
        Source: unknownProcess created: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe 'C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe'
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe {path}
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp525A.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5614.tmp'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe 0
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
        Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeProcess created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe {path}Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp525A.tmp'Jump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5614.tmp'Jump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
        Source: YoWPu2BQzA9FeDd.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dllJump to behavior
        Source: YoWPu2BQzA9FeDd.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
        Source: Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\NanoProtectPlugin\NanoProtectClient\obj\Debug\NanoProtectClient.pdb source: RegSvcs.exe, 00000008.00000002.504378217.0000000002DB1000.00000004.00000001.sdmp
        Source: Binary string: System.EnterpriseServices.Wrapper.pdb source: RegSvcs.exe, 00000012.00000002.294221067.0000000005370000.00000002.00000001.sdmp, dhcpmon.exe, 00000016.00000002.312664300.0000000004DE0000.00000002.00000001.sdmp
        Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
        Source: Binary string: indows\RegSvcs.pdbpdbvcs.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
        Source: Binary string: C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 00000008.00000002.499437549.0000000002935000.00000004.00000040.sdmp
        Source: Binary string: RegSvcs.pdb source: dhcpmon.exe, dhcpmon.exe.8.dr
        Source: Binary string: mscorrc.pdb source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.288606066.0000000007BB0000.00000002.00000001.sdmp, RegSvcs.exe, 00000008.00000002.506428080.0000000005690000.00000002.00000001.sdmp, RegSvcs.exe, 00000012.00000002.294302688.0000000005410000.00000002.00000001.sdmp, dhcpmon.exe, 00000014.00000002.294800366.00000000051B0000.00000002.00000001.sdmp

        Data Obfuscation:

        .NET source code contains potential unpacker
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeCode function: 0_2_00692DE9 push es; ret 0_2_00692DEA
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeCode function: 0_2_006930BD pushfd ; ret 0_2_006930C6
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeCode function: 0_2_006A78E3 push ebp; ret 0_2_006A78E9
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeCode function: 0_2_006A78DC push ecx; ret 0_2_006A78DD
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeCode function: 0_2_008C983B push ds; retf 0_2_008C9842
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_00DBE085 push eax; retf 8_2_00DBE099
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_00DB9D74 push 7800DBCBh; retf 8_2_00DB9D79
        Source: initial sampleStatic PE information: section name: .text entropy: 7.92573751907
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
        Source: 8.2.RegSvcs.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeFile created: C:\Users\user\AppData\Roaming\jVzJHCyF.exeJump to dropped file
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeJump to dropped file

        Boot Survival:

        Uses schtasks.exe or at.exe to add and modify task schedules
        Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp'

        Hooking and other Techniques for Hiding and Protection:

        Hides that the sample has been downloaded from the Internet (zone.identifier)
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe:Zone.Identifier read attributes | deleteJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion:

        Yara detected AntiVM_3
        Source: Yara matchFile source: Process Memory Space: YoWPu2BQzA9FeDd.exe PID: 4828, type: MEMORY
        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\cimv2 : SELECT * FROM Win32_VideoController
        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME<
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280348585.0000000002858000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0 name: Identifier
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum name: 0
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Thread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Thread delayed: delay time: 922337203685477
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Window / User API: foregroundWindowGot 777
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe TID: 5512 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6648 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6736 Thread sleep time: -922337203685477s >= -30000s
        Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Code function: 8_2_04EF161A GetSystemInfo,8_2_04EF161A
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: r&%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\<
        Source: RegSvcs.exe, 00000008.00000002.496756865.0000000000C17000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllV
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280348585.0000000002858000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II<
        Source: RegSvcs.exe, 00000008.00000002.507169436.0000000006250000.00000002.00000001.sdmp, RegSvcs.exe, 00000012.00000002.294348618.0000000005470000.00000002.00000001.sdmp, dhcpmon.exe, 00000014.00000002.294856223.0000000005210000.00000002.00000001.sdmp Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: vmware
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: r#"SOFTWARE\VMware, Inc.\VMware ToolsH
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: r87HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Tools\.
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: r"SOFTWARE\VMware, Inc.\VMware Tools
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: VMWARE<
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: VMWARE
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: QEMU<
        Source: RegSvcs.exe, 00000008.00000002.507169436.0000000006250000.00000002.00000001.sdmp, RegSvcs.exe, 00000012.00000002.294348618.0000000005470000.00000002.00000001.sdmp, dhcpmon.exe, 00000014.00000002.294856223.0000000005210000.00000002.00000001.sdmp Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: r%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
        Source: RegSvcs.exe, 00000008.00000002.507169436.0000000006250000.00000002.00000001.sdmp, RegSvcs.exe, 00000012.00000002.294348618.0000000005470000.00000002.00000001.sdmp, dhcpmon.exe, 00000014.00000002.294856223.0000000005210000.00000002.00000001.sdmp Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: rA"SOFTWARE\VMware, Inc.\VMware Tools
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280348585.0000000002858000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
        Source: YoWPu2BQzA9FeDd.exe, 00000000.00000002.280316491.0000000002842000.00000004.00000001.sdmp Binary or memory string: r#"SOFTWARE\VMware, Inc.\VMware Tools<
        Source: RegSvcs.exe, 00000008.00000002.507169436.0000000006250000.00000002.00000001.sdmp, RegSvcs.exe, 00000012.00000002.294348618.0000000005470000.00000002.00000001.sdmp, dhcpmon.exe, 00000014.00000002.294856223.0000000005210000.00000002.00000001.sdmp Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion:

        Allocates memory in foreign processes
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 protect: page execute and read and write
        Injects a PE file into a foreign processes
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 value starts with: 4D5A
        Writes to foreign memory regions
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 402000
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 420000
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 422000
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 7AC008
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp'
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe {path}
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp525A.tmp'
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5614.tmp'
        Source: RegSvcs.exe, 00000008.00000002.504694681.0000000002E80000.00000004.00000001.sdmp Binary or memory string: Program Manager
        Source: RegSvcs.exe, 00000008.00000002.498902939.0000000001440000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
        Source: RegSvcs.exe, 00000008.00000002.498902939.0000000001440000.00000002.00000001.sdmp Binary or memory string: Progman
        Source: RegSvcs.exe, 00000008.00000002.498902939.0000000001440000.00000002.00000001.sdmp Binary or memory string: SProgram Managerl
        Source: RegSvcs.exe, 00000008.00000002.496592554.0000000000BE9000.00000004.00000020.sdmp Binary or memory string: Program Manageruld be made because the target machine actively refused it.
        Source: RegSvcs.exe, 00000008.00000002.498902939.0000000001440000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd,
        Source: RegSvcs.exe, 00000008.00000002.498902939.0000000001440000.00000002.00000001.sdmp Binary or memory string: Progmanlock
        Source: RegSvcs.exe, 00000008.00000002.496592554.0000000000BE9000.00000004.00000020.sdmp Binary or memory string: Program Manager (x86)\DHCP Monitor\dhcpmon.exegSvcs.exeH
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
        Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
        Source: C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe Code function: 0_2_04A219F6 GetUserNameA,0_2_04A219F6
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

        Stealing of Sensitive Information:

        Yara detected Nanocore RAT

        Remote Access Functionality:

        Detected Nanocore Rat
        Source: RegSvcs.exe, 00000008.00000002.506475973.00000000056F0000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
ompilerGeneratedAttributeSettingsBaseSynchronizedEnvironmentSpecialFolderGetFolderPathPathCombineExceptionDirectoryDirectoryInfoCreateDirectoryFileStreamCreateProjectDataSetProjectErrorClearProjectErrorProcessGetCurrentProcessKillNanoProtectClient.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoProtectClient.dlla[NanoProtect]: Checking for NanoProtect module..
        Yara detected Nanocore RAT
        Source: Yara matchFile source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 4544, type: MEMORY
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.3934140.1.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.398cb50.2.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.5990000.11.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3e03adb.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3e09511.4.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 0.2.YoWPu2BQzA9FeDd.exe.3a2a3f0.3.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3e09511.4.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.5990000.11.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.5994629.10.raw.unpack, type: UNPACKEDPE
        Source: Yara matchFile source: 8.2.RegSvcs.exe.3dfec9e.5.raw.unpack, type: UNPACKEDPE
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF2B26 bind,8_2_04EF2B26
        Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exeCode function: 8_2_04EF2AF6 bind,8_2_04EF2AF6

        Mitre Att&ck Matrix

        | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
        | Valid Accounts | Windows Management Instrumentation 1 | Scheduled Task/Job 1 | Access Token Manipulation 1 | Disable or Modify Tools 1 | Input Capture 21 | Account Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
        | Default Accounts | Scheduled Task/Job 1 | Boot or Logon Initialization Scripts | Process Injection 312 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Input Capture 21 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
        | Domain Accounts | At (Linux) | Logon Script (Windows) | Scheduled Task/Job 1 | Obfuscated Files or Information 3 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
        | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Software Packing 13 | NTDS | Security Software Discovery 211 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud |
        | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading 2 | LSA Secrets | Virtualization/Sandbox Evasion 13 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 21 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
        | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion 13 | Cached Domain Credentials | Process Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
        | External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation 1 | DCSync | Application Window Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
        | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection 312 | Proc Filesystem | System Owner/User Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
        | Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Hidden Files and Directories 1 | /etc/passwd and /etc/shadow | Remote System Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |

        Behavior Graph

        [Figure: behavior graph. Behavior Graph ID: 357125; Sample: YoWPu2BQzA9FeDd.exe; Startdate: 24/02/2021; Architecture: WINDOWS; Score: 100]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        | Source | Detection | Scanner | Label |
        | YoWPu2BQzA9FeDd.exe | 100% | Joe Sandbox ML | |

        Dropped Files

        | Source | Detection | Scanner | Label |
        | C:\Users\user\AppData\Roaming\jVzJHCyF.exe | 100% | Joe Sandbox ML | |
        | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 0% | Metadefender | |
        | C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 0% | ReversingLabs | |

        Unpacked PE Files

        | Source | Detection | Scanner | Label |
        | 8.2.RegSvcs.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
        | 8.2.RegSvcs.exe.5990000.11.unpack | 100% | Avira | TR/NanoCore.fadte |

        Domains

        | Source | Detection | Scanner | Label |
        | strongodss.ddns.net | 8% | Virustotal | |

        URLs

        Domains and IPs

        Contacted Domains

        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
        | strongodss.ddns.net | 87.237.165.78 | true | true | | unknown |

        Contacted URLs

        | Name | Malicious | Antivirus Detection | Reputation |
        | 79.134.225.43 | true | 1%, Virustotal; Avira URL Cloud: safe | unknown |
        | strongodss.ddns.net | true | Avira URL Cloud: safe | unknown |

        URLs from Memory and Binaries

                                Contacted IPs

                                Public

                                | IP | Domain | Country | ASN | ASN Name | Malicious |
                                | 87.237.165.78 | unknown | Russian Federation | 49967 | MTVHGB | true |
                                | 79.134.225.43 | unknown | Switzerland | 6775 | FINK-TELECOM-SERVICESCH | true |

                                General Information

                                Joe Sandbox Version:31.0.0 Emerald
                                Analysis ID:357125
                                Start date:24.02.2021
                                Start time:08:21:11
                                Joe Sandbox Product:CloudBasic
                                Overall analysis duration:0h 10m 19s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Sample file name:YoWPu2BQzA9FeDd.exe
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                Number of analysed new started processes analysed:35
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • HDC enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Detection:MAL
                                Classification:mal100.troj.evad.winEXE@18/13@11/2
                                EGA Information:Failed
                                HDC Information:
                                • Successful, ratio: 16.5% (good quality ratio 11.6%)
                                • Quality average: 43.6%
                                • Quality standard deviation: 35.8%
                                HCA Information:
                                • Successful, ratio: 94%
                                • Number of executed functions: 410
                                • Number of non-executed functions: 5
                                Cookbook Comments:
                                • Adjust boot time
                                • Enable AMSI
                                • Found application associated with file extension: .exe
                                Warnings:
                                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                • Excluded IPs from analysis (whitelisted): 52.255.188.83, 51.103.5.159, 131.253.33.200, 13.107.22.200, 204.79.197.200, 13.107.21.200, 51.11.168.160, 93.184.220.29, 104.43.193.48, 40.88.32.150, 92.122.145.220, 184.30.20.56, 51.104.144.132, 93.184.221.240, 51.104.139.180, 92.122.213.247, 92.122.213.194, 20.54.26.129
                                • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, vip1-par02p.wns.notify.trafficmanager.net, skypedataprdcoleus15.cloudapp.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, dual-a-0001.a-msedge.net, wu.ec.azureedge.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, skypedataprdcolcus15.cloudapp.net, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.

                                Simulations

                                Behavior and APIs

Time | Type | Description
08:22:06 | API Interceptor | 1x Sleep call for process: YoWPu2BQzA9FeDd.exe modified
08:22:28 | API Interceptor | 822x Sleep call for process: RegSvcs.exe modified
08:22:29 | Task Scheduler | Run new task: DHCP Monitor path: "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe" s>$(Arg0)
08:22:29 | Task Scheduler | Run new task: DHCP Monitor Task path: "C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe" s>$(Arg0)
08:22:30 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

                                Joe Sandbox View / Context

                                IPs

Match: 87.237.165.78
• Filename: M5QDAaK9yM.exe, Detection: malicious
• Filename: TdX45jQWjj.exe, Detection: malicious
Match: 79.134.225.43
• Filename: TdX45jQWjj.exe, Detection: malicious
• Filename: JfRbEbUkpV39K4L.exe, Detection: malicious
• Filename: Dachser Consulta de cliente saliente no. 000150849 - SKBMT03082020-0012-IMG0149.exe, Detection: malicious
• Filename: 290453721.xls, Detection: malicious
• Filename: nUo0FukkVO.xls, Detection: malicious

                                              Domains

Match: strongodss.ddns.net
• Filename: M5QDAaK9yM.exe, Detection: malicious, Context: 87.237.165.78
• Filename: TdX45jQWjj.exe, Detection: malicious, Context: 87.237.165.78

                                              ASN

Match: MTVHGB
• Filename: M5QDAaK9yM.exe, Detection: malicious, Context: 87.237.165.78
• Filename: TdX45jQWjj.exe, Detection: malicious, Context: 87.237.165.78
• Filename: QUOTATION 19 01 2021.exe, Detection: malicious, Context: 87.237.165.162
Match: FINK-TELECOM-SERVICESCH
• Filename: xF7GogN7tM.exe, Detection: malicious, Context: 79.134.225.120
• Filename: TZgGVyMJYF.exe, Detection: malicious, Context: 79.134.225.74
• Filename: ilpbALnKbE.exe, Detection: malicious, Context: 79.134.225.103
• Filename: Documents.exe, Detection: malicious, Context: 79.134.225.87
• Filename: SWcNyi2YBj.exe, Detection: malicious, Context: 79.134.225.103
• Filename: Confirmation Transfer Note Ref Number0002636.exe, Detection: malicious, Context: 79.134.225.8
• Filename: TdX45jQWjj.exe, Detection: malicious, Context: 79.134.225.43
• Filename: e92b274943f4a3a557881ee0dd57772d.exe, Detection: malicious, Context: 79.134.225.105
• Filename: WxTm2cWLHF.exe, Detection: malicious, Context: 79.134.225.71
• Filename: Payment Confirmation.exe, Detection: malicious, Context: 79.134.225.30
• Filename: rjHlt1zz28.exe, Detection: malicious, Context: 79.134.225.49
• Filename: Deadly Variants of Covid 19.doc, Detection: malicious, Context: 79.134.225.49
• Filename: document.exe, Detection: malicious, Context: 79.134.225.122
• Filename: 5293ea9467ea45e928620a5ed74440f5.exe, Detection: malicious, Context: 79.134.225.105
• Filename: f1a14e6352036833f1c109e1bb2934f2.exe, Detection: malicious, Context: 79.134.225.105
• Filename: 256ec8f8f67b59c5e085b0bb63afcd13.exe, Detection: malicious, Context: 79.134.225.105
• Filename: JOIN.exe, Detection: malicious, Context: 79.134.225.30
• Filename: Delivery pdf.exe, Detection: malicious, Context: 79.134.225.25
• Filename: d88e07467ddcf9e3b19fa972b9f000d1.exe, Detection: malicious, Context: 79.134.225.105
• Filename: fnfqzfwC44.exe, Detection: malicious, Context: 79.134.225.25

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

Match: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
• Filename: M5QDAaK9yM.exe, Detection: malicious
• Filename: oMWv1Zof2y.exe, Detection: malicious
• Filename: TdX45jQWjj.exe, Detection: malicious
• Filename: QTxFuxF5NQ.exe, Detection: malicious
• Filename: a34b93ef-dea2-45f8-a5bf-4f6b0b5291c7.exe, Detection: malicious
• Filename: 3fcd8c19-af88-4cd9-87e7-0bfea1de01a1.exe, Detection: malicious
• Filename: Vietnam Order.exe, Detection: malicious
• Filename: Dhl Shipping Document.exe, Detection: malicious
• Filename: PO-WJO-001, pdf.exe, Detection: malicious
• Filename: byWuWAR5FD.exe, Detection: malicious
• Filename: parcel_images.exe, Detection: malicious
• Filename: 0712020.exe, Detection: malicious
• Filename: JfRbEbUkpV39K4L.exe, Detection: malicious
• Filename: DECEMBER QUOTATION REQUEST FOR FR12007POH0008_PO0000143_ETQ.exe, Detection: malicious
• Filename: DECEMBER QUOTATION REQUEST FOR FR12007POH0008_PO0000143_ETQ.exe, Detection: malicious
• Filename: zC3edqmNNt.exe, Detection: malicious
• Filename: Shipping Document.pdf..exe, Detection: malicious
• Filename: PPR & CPR_HEA_DECEMBER 4 2020.exe, Detection: malicious
• Filename: AdministratorDownloadsBL,.rar.exe, Detection: malicious
• Filename: signed_19272.zip(#U007e18 KB) (2).exe, Detection: malicious

                                                                                      Created / dropped Files

                                                                                      C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):32768
                                                                                      Entropy (8bit):3.7515815714465193
                                                                                      Encrypted:false
                                                                                      SSDEEP:384:BOj9Y8/gS7SDriLGKq1MHR5U4Ag6ihJSxUCR1rgCPKabK2t0X5P7DZ+JgWSW72uw:B+gSAdN1MH3HAFRJngW2u
                                                                                      MD5:71369277D09DA0830C8C59F9E22BB23A
                                                                                      SHA1:37F9781314F0F6B7E9CB529A573F2B1C8DE9E93F
                                                                                      SHA-256:D4527B7AD2FC4778CC5BE8709C95AEA44EAC0568B367EE14F7357D72898C3698
                                                                                      SHA-512:2F470383E3C796C4CF212EC280854DBB9E7E8C8010CE6857E58F8E7066D7516B7CD7039BC5C0F547E1F5C7F9F2287869ADFFB2869800B08B2982A88BE96E9FB7
                                                                                      Malicious:false
                                                                                      Antivirus:
• Antivirus: Metadefender, Detection: 0%
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: M5QDAaK9yM.exe, Detection: malicious
• Filename: oMWv1Zof2y.exe, Detection: malicious
• Filename: TdX45jQWjj.exe, Detection: malicious
• Filename: QTxFuxF5NQ.exe, Detection: malicious
• Filename: a34b93ef-dea2-45f8-a5bf-4f6b0b5291c7.exe, Detection: malicious
• Filename: 3fcd8c19-af88-4cd9-87e7-0bfea1de01a1.exe, Detection: malicious
• Filename: Vietnam Order.exe, Detection: malicious
• Filename: Dhl Shipping Document.exe, Detection: malicious
• Filename: PO-WJO-001, pdf.exe, Detection: malicious
• Filename: byWuWAR5FD.exe, Detection: malicious
• Filename: parcel_images.exe, Detection: malicious
• Filename: 0712020.exe, Detection: malicious
• Filename: JfRbEbUkpV39K4L.exe, Detection: malicious
• Filename: DECEMBER QUOTATION REQUEST FOR FR12007POH0008_PO0000143_ETQ.exe, Detection: malicious
• Filename: DECEMBER QUOTATION REQUEST FOR FR12007POH0008_PO0000143_ETQ.exe, Detection: malicious
• Filename: zC3edqmNNt.exe, Detection: malicious
• Filename: Shipping Document.pdf..exe, Detection: malicious
• Filename: PPR & CPR_HEA_DECEMBER 4 2020.exe, Detection: malicious
• Filename: AdministratorDownloadsBL,.rar.exe, Detection: malicious
• Filename: signed_19272.zip(#U007e18 KB) (2).exe, Detection: malicious
                                                                                      Reputation:moderate, very likely benign file
                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegSvcs.exe.log
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:modified
                                                                                      Size (bytes):120
                                                                                      Entropy (8bit):5.016405576253028
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:QHXMKaoWglAFXMWA2yTMGfsbNXLVd49Am12MFuAvOAsDeieVyn:Q3LawlAFXMWTyAGCFLIP12MUAvvrs
                                                                                      MD5:50DEC1858E13F033E6DCA3CBFAD5E8DE
                                                                                      SHA1:79AE1E9131B0FAF215B499D2F7B4C595AA120925
                                                                                      SHA-256:14A557E226E3BA8620BB3A70035E1E316F1E9FB5C9E8F74C07110EE90B8D8AE4
                                                                                      SHA-512:1BD73338DF685A5B57B0546E102ECFDEE65800410D6F77845E50456AC70DE72929088AF19B59647F01CBA7A5ACFB399C52D9EF2402A9451366586862EF88E7BF
                                                                                      Malicious:false
                                                                                      Preview: 1,"fusion","GAC",0..2,"System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\YoWPu2BQzA9FeDd.exe.log
                                                                                      Process:C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):655
                                                                                      Entropy (8bit):5.273171405160065
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Q3LaJU20NaL10U29hJ5g1B0U2ukyrFk70Ug+9Yz9t0U2WUXBQav:MLF20NaL329hJ5g522rWz2p29XBT
                                                                                      MD5:2703120C370FBB4A8BA08C6D1754039E
                                                                                      SHA1:EC0DB47BF00A4A828F796147619386C0BBEA66A1
                                                                                      SHA-256:F95566974BC44F3A757CAFB1456D185D8F333AC84775089DE18310B90C18B1BC
                                                                                      SHA-512:BC05A2A1BE5B122FC6D3DEA66EF4258522F13351B9754378395AAD019631E312CFD3BC990F3E3D5C7BB0BDBA1EAD54A2B34A96DEE2FCCD703721E98F6192ED48
                                                                                      Malicious:true
                                                                                      Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4de99804c29261edb63c93616550f034\System.Management.ni.dll",0..
                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                                                                                      Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:modified
                                                                                      Size (bytes):120
                                                                                      Entropy (8bit):5.016405576253028
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:QHXMKaoWglAFXMWA2yTMGfsbNXLVd49Am12MFuAvOAsDeieVyn:Q3LawlAFXMWTyAGCFLIP12MUAvvrs
                                                                                      MD5:50DEC1858E13F033E6DCA3CBFAD5E8DE
                                                                                      SHA1:79AE1E9131B0FAF215B499D2F7B4C595AA120925
                                                                                      SHA-256:14A557E226E3BA8620BB3A70035E1E316F1E9FB5C9E8F74C07110EE90B8D8AE4
                                                                                      SHA-512:1BD73338DF685A5B57B0546E102ECFDEE65800410D6F77845E50456AC70DE72929088AF19B59647F01CBA7A5ACFB399C52D9EF2402A9451366586862EF88E7BF
                                                                                      Malicious:false
                                                                                      Preview: 1,"fusion","GAC",0..2,"System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..
                                                                                      C:\Users\user\AppData\Local\Temp\tmp525A.tmp
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1320
                                                                                      Entropy (8bit):5.135021273392143
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0mn4xtn:cbk4oL600QydbQxIYODOLedq3Z4j
                                                                                      MD5:40B11EF601FB28F9B2E69D36857BF2EC
                                                                                      SHA1:B6454020AD2CEED193F4792B77001D0BD741B370
                                                                                      SHA-256:C51E12D18CC664425F6711D8AE2507068884C7057092CFA11884100E1E9D49E1
                                                                                      SHA-512:E3C5BCC714CBFCA4B8058DDCDDF231DCEFA69C15881CE3F8123E59ED45CFB5DA052B56E1945DCF8DC7F800D62F9A4EECB82BCA69A66A1530787AEFFEB15E2BD5
                                                                                      Malicious:false
                                                                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                                                      C:\Users\user\AppData\Local\Temp\tmp5614.tmp
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1310
                                                                                      Entropy (8bit):5.109425792877704
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2dH4+S/4oL600QlMhEMjn5pwjVLUYODOLG9RJh7h8gK0R3xtn:cbk4oL600QydbQxIYODOLedq3S3j
                                                                                      MD5:5C2F41CFC6F988C859DA7D727AC2B62A
                                                                                      SHA1:68999C85FC7E37BAB9216E0099836D40D4545C1C
                                                                                      SHA-256:98B6E66B6C2173B9B91FC97FE51805340EFDE978B695453742EBAB631018398B
                                                                                      SHA-512:B5DA5DA378D038AFBF8A7738E47921ED39F9B726E2CAA2993D915D9291A3322F94EFE8CCA6E7AD678A670DB19926B22B20E5028460FCC89CEA7F6635E7557334
                                                                                      Malicious:false
                                                                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo />.. <Triggers />.. <Principals>.. <Principal id="Author">.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>HighestAvailable</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>.. <AllowHardTerminate>true</AllowHardTerminate>.. <StartWhenAvailable>false</StartWhenAvailable>.. <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>.. <IdleSettings>.. <StopOnIdleEnd>false</StopOnIdleEnd>.. <RestartOnIdle>false</RestartOnIdle>.. </IdleSettings>.. <AllowStartOnDemand>true</AllowStartOnDemand>.. <Enabled>true</Enabled>.. <Hidden>false</Hidden>.. <RunOnlyIfIdle>false</RunOnlyIfIdle>.. <Wak
                                                                                      C:\Users\user\AppData\Local\Temp\tmpA75F.tmp
                                                                                      Process:C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe
                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1645
                                                                                      Entropy (8bit):5.184387907108357
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB1ltn:cbhC7ZlNQF/rydbz9I3YODOLNdq3XP
                                                                                      MD5:00610593D653206BB931FCF95B1203BB
                                                                                      SHA1:1C7C0CCA00A060BDBEC31112A2BEB698B80FE70E
                                                                                      SHA-256:1B3CD0A440D8A8EBBB0BCC7DC5D3ED7A442899384700F925EFD5A9BEB388BBC2
                                                                                      SHA-512:F2195BA16493ED0300E13DF91BC36537DB820F03E6D1B5EA18F8BE24C4713D61FB0BF599A14480BD2D35E9E50DB2A6625DCE0C10024B38EF0B40E6737801A6E5
                                                                                      Malicious:true
                                                                                      Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                                                                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      File Type:ISO-8859 text
                                                                                      Category:dropped
                                                                                      Size (bytes):8
                                                                                      Entropy (8bit):2.75
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:B6H9tn:UPn
                                                                                      MD5:D1B6084630019902FEB9DE04281559F5
                                                                                      SHA1:E70B066BA32E2D81E593EB4D5B4C3B9D0B8CBF73
                                                                                      SHA-256:EA08804D6AB9E9F7708C2D0DC62474D681028F726BC403EFAF5BE1EAC40213F4
                                                                                      SHA-512:C5F428D1EBD3BD998647045A8132A9EDF5EFB918D633C461DCF312F96EF453D8C7F58261B8EAED9C76D1B185E44B81BA98ED8A081B4D66845F5F1F153FA1ACFA
                                                                                      Malicious:true
                                                                                      Preview: .O._...H
                                                                                      C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\task.dat
                                                                                      Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      File Type:ASCII text, with no line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):57
                                                                                      Entropy (8bit):4.795707286467131
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:oMty8WbSX/MNn:oMLWus
                                                                                      MD5:D685103573539B7E9FDBF5F1D7DD96CE
                                                                                      SHA1:4B2FE6B5C0B37954B314FCAEE1F12237A9B02D07
                                                                                      SHA-256:D78BC23B0CA3EDDF52D56AB85CDC30A71B3756569CB32AA2F6C28DBC23C76E8E
                                                                                      SHA-512:17769A5944E8929323A34269ABEEF0861D5C6799B0A27F5545FBFADC80E5AB684A471AD6F6A7FC623002385154EA89DE94013051E09120AB94362E542AB0F1DD
                                                                                      Malicious:false
                                                                                      Preview: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      C:\Users\user\AppData\Roaming\jVzJHCyF.exe
                                                                                      Process:C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):393216
                                                                                      Entropy (8bit):7.913835302870024
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:vd1ZByWI+5c6hL1DNxNGmSMRTOenrUb89mBKAIB1bG3gmA6caIndoQ2NTWqDivu:zrEe7p1DVnrUIGKAIB1PR9dl2NTjD
                                                                                      MD5:D89532EEBD77F5BCF86552E5178EB695
                                                                                      SHA1:2905B1B7C9757266077D4C79A81CF410188AA9EE
                                                                                      SHA-256:619C9ABD4165537A7E53C57F2C0A2AB9597C35F53A4BB0B9CDFF82814DDD73CD
                                                                                      SHA-512:076391F8D60D3A4901469E0F16B4D3DD988848B587ACB217BBB6C8A83FB4EFA2956219AA3ACDF267E835EC1F6704EFE5AC4E1834E1B8729F9CFD35458D020AF8
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      \Device\ConDrv
                                                                                      Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1145
                                                                                      Entropy (8bit):4.462201512373672
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:zKLXkzPDObntKlglUEnfQtvNuNpKOK5aM9YJC:zKL0zPDQntKKH1MqJC
                                                                                      MD5:46EBEB88876A00A52CC37B1F8E0D0438
                                                                                      SHA1:5E5DB352F964E5F398301662FF558BD905798A65
                                                                                      SHA-256:D65BD5A6CC112838AFE8FA70BF61FD13C1313BCE3EE3E76C50E454D7B581238B
                                                                                      SHA-512:E713E6F304A469FB71235C598BC7E2C6F8458ABC61DAF3D1F364F66579CAFA4A7F3023E585BDA552FB400009E7805A8CA0311A50D5EDC9C2AD2D067772A071BE
                                                                                      Malicious:false
                                                                                      Preview: Microsoft (R) .NET Framework Services Installation Utility Version 2.0.50727.8922..Copyright (c) Microsoft Corporation. All rights reserved.....USAGE: regsvcs.exe [options] AssemblyName..Options:.. /? or /help Display this usage message... /fc Find or create target application (default)... /c Create target application, error if it already exists... /exapp Expect an existing application... /tlb:<tlbfile> Filename for the exported type library... /appname:<name> Use the specified name for the target application... /parname:<name> Use the specified name or id for the target partition... /extlb Use an existing type library... /reconfig Reconfigure existing target application (default)... /noreconfig Don't reconfigure existing target application... /u Uninstall target application... /nologo Suppress logo output... /quiet Suppress logo output and success output...

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.913835302870024
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                      • Windows Screen Saver (13104/52) 0.07%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      File name:YoWPu2BQzA9FeDd.exe
                                                                                      File size:393216
                                                                                      MD5:d89532eebd77f5bcf86552e5178eb695
                                                                                      SHA1:2905b1b7c9757266077d4c79a81cf410188aa9ee
                                                                                      SHA256:619c9abd4165537a7e53c57f2c0a2ab9597c35f53a4bb0b9cdff82814ddd73cd
                                                                                      SHA512:076391f8d60d3a4901469e0f16b4d3dd988848b587acb217bbb6c8a83fb4efa2956219aa3acdf267e835ec1f6704efe5ac4e1834e1b8729f9cfd35458d020af8
                                                                                      SSDEEP:6144:vd1ZByWI+5c6hL1DNxNGmSMRTOenrUb89mBKAIB1bG3gmA6caIndoQ2NTWqDivu:zrEe7p1DVnrUIGKAIB1PR9dl2NTjD
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.5`................................. ........@.. .......................`............@................................

                                                                                      File Icon

                                                                                      Icon Hash:00828e8e8686b000

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x4614ce
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                      Time Stamp:0x60359A39 [Wed Feb 24 00:13:45 2021 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:v2.0.50727
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al

                                                                                      Data Directories

                                                                                      Name                                  Virtual Address  Virtual Size  Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT          0x61480          0x4b          .text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE        0x62000          0x600         .rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC       0x64000          0xc           .reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                                                      Sections

                                                                                      Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                                                                                      .text   0x2000           0x5f4d4       0x5f600   False     0.932080910059   data       7.92573751907   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                      .rsrc   0x62000          0x600         0x600     False     0.442708333333   data       4.27871469905   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .reloc  0x64000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      Name         RVA      Size   Type                                                                            Language  Country
                                                                                      RT_VERSION   0x62090  0x36c  data
                                                                                      RT_MANIFEST  0x6240c  0x1ea  XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                      Imports

                                                                                      DLL          Import
                                                                                      mscoree.dll  _CorExeMain

                                                                                      Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright Neudesic 2017
Assembly Version | 1.0.0.0
InternalName | etaib.exe
FileVersion | 1.0.0.0
CompanyName | Neudesic
LegalTrademarks |
Comments |
ProductName | VectorBasedDrawing
ProductVersion | 1.0.0.0
FileDescription | VectorBasedDrawing
OriginalFilename | etaib.exe

                                                                                      Network Behavior

                                                                                      Network Port Distribution

                                                                                      TCP Packets


                                                                                      UDP Packets


                                                                                      DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Feb 24, 2021 08:22:30.604545116 CET | 192.168.2.5 | 8.8.8.8 | 0xf3ad | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:22:36.250876904 CET | 192.168.2.5 | 8.8.8.8 | 0x8e4e | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:22:41.677490950 CET | 192.168.2.5 | 8.8.8.8 | 0xab8c | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:03.313415051 CET | 192.168.2.5 | 8.8.8.8 | 0x19a1 | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:09.045413971 CET | 192.168.2.5 | 8.8.8.8 | 0x52d8 | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:14.686711073 CET | 192.168.2.5 | 8.8.8.8 | 0xa96a | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:35.872972965 CET | 192.168.2.5 | 8.8.8.8 | 0xcb26 | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:41.178101063 CET | 192.168.2.5 | 8.8.8.8 | 0x7259 | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:46.545110941 CET | 192.168.2.5 | 8.8.8.8 | 0xf593 | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:24:07.702549934 CET | 192.168.2.5 | 8.8.8.8 | 0xe272 | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)
Feb 24, 2021 08:24:12.964740038 CET | 192.168.2.5 | 8.8.8.8 | 0xbe3d | Standard query (0) | strongodss.ddns.net | A (IP address) | IN (0x0001)

                                                                                      DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Feb 24, 2021 08:22:30.663717031 CET | 8.8.8.8 | 192.168.2.5 | 0xf3ad | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:22:36.310040951 CET | 8.8.8.8 | 192.168.2.5 | 0x8e4e | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:22:41.736562014 CET | 8.8.8.8 | 192.168.2.5 | 0xab8c | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:03.370950937 CET | 8.8.8.8 | 192.168.2.5 | 0x19a1 | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:09.108172894 CET | 8.8.8.8 | 192.168.2.5 | 0x52d8 | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:14.744349003 CET | 8.8.8.8 | 192.168.2.5 | 0xa96a | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:35.933026075 CET | 8.8.8.8 | 192.168.2.5 | 0xcb26 | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:41.238497972 CET | 8.8.8.8 | 192.168.2.5 | 0x7259 | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:23:46.604031086 CET | 8.8.8.8 | 192.168.2.5 | 0xf593 | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:24:07.764501095 CET | 8.8.8.8 | 192.168.2.5 | 0xe272 | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)
Feb 24, 2021 08:24:13.028446913 CET | 8.8.8.8 | 192.168.2.5 | 0xbe3d | No error (0) | strongodss.ddns.net | | 87.237.165.78 | A (IP address) | IN (0x0001)

                                                                                      System Behavior

                                                                                      General

                                                                                      Start time:08:22:00
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'C:\Users\user\Desktop\YoWPu2BQzA9FeDd.exe'
                                                                                      Imagebase:0x50000
                                                                                      File size:393216 bytes
                                                                                      MD5 hash:D89532EEBD77F5BCF86552E5178EB695
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: NanoCore, Description: unknown, Source: 00000000.00000002.283047547.0000000003821000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                      Reputation:low

                                                                                      General

                                                                                      Start time:08:22:23
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\jVzJHCyF' /XML 'C:\Users\user\AppData\Local\Temp\tmpA75F.tmp'
                                                                                      Imagebase:0x8b0000
                                                                                      File size:185856 bytes
                                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:24
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7ecfc0000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:24
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:{path}
                                                                                      Imagebase:0x7ff797770000
                                                                                      File size:32768 bytes
                                                                                      MD5 hash:71369277D09DA0830C8C59F9E22BB23A
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.506475973.00000000056F0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.506475973.00000000056F0000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: NanoCore, Description: unknown, Source: 00000008.00000002.505452740.0000000003DF7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                      • Rule: NanoCore, Description: unknown, Source: 00000008.00000002.494649173.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                                                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.506530348.0000000005840000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.506530348.0000000005840000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, Author: Florian Roth
                                                                                      • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000008.00000002.506614119.0000000005990000.00000004.00000001.sdmp, Author: Joe Security
                                                                                      Reputation:moderate

                                                                                      General

                                                                                      Start time:08:22:26
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor' /xml 'C:\Users\user\AppData\Local\Temp\tmp525A.tmp'
                                                                                      Imagebase:0x8b0000
                                                                                      File size:185856 bytes
                                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:27
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7ecfc0000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:27
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'schtasks.exe' /create /f /tn 'DHCP Monitor Task' /xml 'C:\Users\user\AppData\Local\Temp\tmp5614.tmp'
                                                                                      Imagebase:0x8b0000
                                                                                      File size:185856 bytes
                                                                                      MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:28
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7ecfc0000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:29
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe 0
                                                                                      Imagebase:0xac0000
                                                                                      File size:32768 bytes
                                                                                      MD5 hash:71369277D09DA0830C8C59F9E22BB23A
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Reputation:moderate

                                                                                      General

                                                                                      Start time:08:22:30
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7ecfc0000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:30
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' 0
                                                                                      Imagebase:0x860000
                                                                                      File size:32768 bytes
                                                                                      MD5 hash:71369277D09DA0830C8C59F9E22BB23A
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Antivirus matches:
                                                                                      • Detection: 0%, Metadefender, Browse
                                                                                      • Detection: 0%, ReversingLabs
                                                                                      Reputation:moderate

                                                                                      General

                                                                                      Start time:08:22:30
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7ecfc0000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      General

                                                                                      Start time:08:22:38
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                                                                                      Imagebase:0x540000
                                                                                      File size:32768 bytes
                                                                                      MD5 hash:71369277D09DA0830C8C59F9E22BB23A
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Reputation:moderate

                                                                                      General

                                                                                      Start time:08:22:39
                                                                                      Start date:24/02/2021
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7ecfc0000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Disassembly

                                                                                      Code Analysis

                                                                                        Executed Functions

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8Xq$\Tp
                                                                                        • API String ID: 0-3126454647
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8Xq$\Tp
                                                                                        • API String ID: 0-3126454647
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: ($1
                                                                                        • API String ID: 0-1764306902
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetUserNameA.ADVAPI32(?,00000E2C), ref: 04A21A5D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: =$>
                                                                                        • API String ID: 0-3816510428
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0069A346
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ConsoleCtrlHandler
                                                                                        • String ID:
                                                                                        • API String ID: 1513847179-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetUserNameA.ADVAPI32(?,00000E2C), ref: 04A21A5D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04A228AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTokenInformation.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 04A22198
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InformationToken
                                                                                        • String ID:
                                                                                        • API String ID: 4114910276-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0069ACD1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04A21D1D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 0069ADD4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateMutexW.KERNELBASE(?,?), ref: 04A20DE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateMutex
                                                                                        • String ID:
                                                                                        • API String ID: 1964310414-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 04A20EF2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 04A224BB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: OpenPolicy
                                                                                        • String ID:
                                                                                        • API String ID: 2030686058-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindWindowA.USER32(?,00000E2C), ref: 04A21B5E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FindWindow
                                                                                        • String ID:
                                                                                        • API String ID: 134000473-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04A228AF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileW.KERNELBASE(?), ref: 04A22994
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 04A21D1D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetFileType.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 04A21E09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileType
                                                                                        • String ID:
                                                                                        • API String ID: 3081899298-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0069ACD1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateMutexW.KERNELBASE(?,?), ref: 04A20DE5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateMutex
                                                                                        • String ID:
                                                                                        • API String ID: 1964310414-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 04A224BB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: OpenPolicy
                                                                                        • String ID:
                                                                                        • API String ID: 2030686058-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WriteFile.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 04A21FA5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 0069ADD4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTokenInformation.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 04A22198
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InformationToken
                                                                                        • String ID:
                                                                                        • API String ID: 4114910276-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04A22C50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 04A20083
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DrawText
                                                                                        • String ID:
                                                                                        • API String ID: 2175133113-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 04A20FA7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0069B845
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LibraryLoadShim
                                                                                        • String ID:
                                                                                        • API String ID: 1475914169-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 04A22DA5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0069A666
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindWindowA.USER32(?,00000E2C), ref: 04A21B5E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FindWindow
                                                                                        • String ID:
                                                                                        • API String ID: 134000473-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WriteFile.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 04A21FA5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04A22B94
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 04A20FA7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 04A22FE9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,?), ref: 04A22AE7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetFileType.KERNELBASE(?,00000E2C,2D7E38A9,00000000,00000000,00000000,00000000), ref: 04A21E09
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileType
                                                                                        • String ID:
                                                                                        • API String ID: 3081899298-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DrawTextExW.USER32(?,?,?,?,?,?), ref: 04A20083
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DrawText
                                                                                        • String ID:
                                                                                        • API String ID: 2175133113-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0069AF50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(?), ref: 0069A480
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04A22C50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileW.KERNELBASE(?), ref: 04A22994
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0069B845
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LibraryLoadShim
                                                                                        • String ID:
                                                                                        • API String ID: 1475914169-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0069A666
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,?), ref: 04A22AE7
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 0069A346
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ConsoleCtrlHandler
                                                                                        • String ID:
                                                                                        • API String ID: 1513847179-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 04A20EF2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 04A22B94
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 04A22FE9
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0069AF50
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • PostMessageW.USER32(?,?,?,?), ref: 04A22DA5
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.284080624.0000000004A20000.00000040.00000001.sdmp, Offset: 04A20000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetErrorMode.KERNELBASE(?), ref: 0069A480
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279261428.000000000069A000.00000040.00000001.sdmp, Offset: 0069A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: g
                                                                                        • API String ID: 0-30677878
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 4ij
                                                                                        • API String ID: 0-3313224950
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 4ij
                                                                                        • API String ID: 0-3313224950
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: T^j
                                                                                        • API String ID: 0-497788898
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: =
                                                                                        • API String ID: 0-2322244508
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: {
                                                                                        • API String ID: 0-366298937
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a0e95a369fc051ce32d6a6c01785189c0036237a5f02277bebf24112dad05325
                                                                                        • Instruction ID: 0b29a0a348d83d2d33b089a5293ca1f0165e662bd1f6294883a47c1b9f4f3a32
                                                                                        • Opcode Fuzzy Hash: a0e95a369fc051ce32d6a6c01785189c0036237a5f02277bebf24112dad05325
                                                                                        • Instruction Fuzzy Hash: 0E91D034D00628CFDF20DFA8C884B9DBBB2FF49315F5481A9E509AB251DB71AA85CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 882ddf90a5bb647d601dfb4a4dce3c5dc26c4217212568aa930b8255d9ccf7d6
                                                                                        • Instruction ID: 32415da53ed61df0ed344b0724917ce9f0c43c1a7446ded9f63b65cef12d3a19
                                                                                        • Opcode Fuzzy Hash: 882ddf90a5bb647d601dfb4a4dce3c5dc26c4217212568aa930b8255d9ccf7d6
                                                                                        • Instruction Fuzzy Hash: C1714770C6622ACFDBA4EF24CC447ECB7B5AB46311F5092EAC419A62C1DB784AC5CF41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8c50b16bd7e8895ddc9fc459c6e5260376f661190482e1833b7b7a4c6624fcf9
                                                                                        • Instruction ID: acf85fd77df65512b4ac55f4376e66c069fc17c9deda8a2eed455a338519db87
                                                                                        • Opcode Fuzzy Hash: 8c50b16bd7e8895ddc9fc459c6e5260376f661190482e1833b7b7a4c6624fcf9
                                                                                        • Instruction Fuzzy Hash: A3711574D1521ACFDB64EF24C880BEDBBB6BB59310F1082E9C85A67291DB744E81CF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e50ee6ad743c1d776762ffe458bef7a7427de376eff417c2d4d2d6bfea72bddc
                                                                                        • Instruction ID: 2ea7eca10bcfa2cc3152d1dee6b590d2d9bda44353642d6c1ed2eed648c82248
                                                                                        • Opcode Fuzzy Hash: e50ee6ad743c1d776762ffe458bef7a7427de376eff417c2d4d2d6bfea72bddc
                                                                                        • Instruction Fuzzy Hash: 0571DD74A01628CFDF20DF68C880BADBBB2FB55315F6081A9D049A7251DB30AAC4CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: efc52a6713591dc69e9c9ce74ad25f3a1cc64b49ef6415a9ce1594827d73c3be
                                                                                        • Instruction ID: 369f5fc4fda3ef0cd77938ac5c96ddc267e6fb112783798b274a9c1c84566800
                                                                                        • Opcode Fuzzy Hash: efc52a6713591dc69e9c9ce74ad25f3a1cc64b49ef6415a9ce1594827d73c3be
                                                                                        • Instruction Fuzzy Hash: 71511774D1622ACFDBA4EF24C8587A9BBB5BB89300F1041E9D40DA7291DB748E81CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6019d6e79cdb3982547f6b4ecb46fe3ea9d4cb255f5b17889b7f6369859ab528
                                                                                        • Instruction ID: 46b95aeab2cffde2bc4221ba80b9e087e150334bd0f3a38602d5efd9ad84471a
                                                                                        • Opcode Fuzzy Hash: 6019d6e79cdb3982547f6b4ecb46fe3ea9d4cb255f5b17889b7f6369859ab528
                                                                                        • Instruction Fuzzy Hash: 6C51B0B4D01259DFDB08DFA6D8487EEBBB2FF88304F208029D415A7294D7795A86CF90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279760356.00000000024D0000.00000040.00000040.sdmp, Offset: 024D0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288192859.00000000066E0000.00000040.00000001.sdmp, Offset: 066E0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279760356.00000000024D0000.00000040.00000040.sdmp, Offset: 024D0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279273647.00000000006A2000.00000040.00000001.sdmp, Offset: 006A2000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288192859.00000000066E0000.00000040.00000001.sdmp, Offset: 066E0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279760356.00000000024D0000.00000040.00000040.sdmp, Offset: 024D0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279760356.00000000024D0000.00000040.00000040.sdmp, Offset: 024D0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279760356.00000000024D0000.00000040.00000040.sdmp, Offset: 024D0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279273647.00000000006A2000.00000040.00000001.sdmp, Offset: 006A2000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288192859.00000000066E0000.00000040.00000001.sdmp, Offset: 066E0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288192859.00000000066E0000.00000040.00000001.sdmp, Offset: 066E0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288192859.00000000066E0000.00000040.00000001.sdmp, Offset: 066E0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c4c9c7e93b54f6ce73250d356033b73cb0e1809737f0bd17a8ebc21411600419
                                                                                        • Instruction ID: 10e42e508451ef113573d22ae733a0295dc4ab555a74765199405943580e5392
                                                                                        • Opcode Fuzzy Hash: c4c9c7e93b54f6ce73250d356033b73cb0e1809737f0bd17a8ebc21411600419
                                                                                        • Instruction Fuzzy Hash: E9E0D8B25412046BD2509F0ADC81B23FF98DB40A30F14C567ED0D1F302D176B5148AF1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aeaa0f59586992a2a046be6f075dbe681b3aca5cb5a639e15e100a397128fc38
                                                                                        • Instruction ID: e987da25de40d118a20c0ef87504b2411c684d9f21c1dbff40244c47764a1e5d
                                                                                        • Opcode Fuzzy Hash: aeaa0f59586992a2a046be6f075dbe681b3aca5cb5a639e15e100a397128fc38
                                                                                        • Instruction Fuzzy Hash: 04F0157090D288AFCB05DFA8D84499DBFB5EF4B301F1481EED849E7662C2706A84DF15
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7ff9b0319a8b775807b42ea141b8c1100f64429ee6545a2773ae20ff014e274e
                                                                                        • Instruction ID: 3cd5bf0988645ab2367cdce4267e22a4a2e3dcdf60f4753f9cc27684bbfd25aa
                                                                                        • Opcode Fuzzy Hash: 7ff9b0319a8b775807b42ea141b8c1100f64429ee6545a2773ae20ff014e274e
                                                                                        • Instruction Fuzzy Hash: A2F06D75D14228AFDB60DF90CC41BECBBB8AB09310F1090D6E209E62C1DB701B84DF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 64e95ea57577b3367f47697856f60b225e409bf632a094111e58ca543635541c
                                                                                        • Instruction ID: f2c4c1809a9da3f70c74be68a974c159963e960658b5f405ace8299185ea535b
                                                                                        • Opcode Fuzzy Hash: 64e95ea57577b3367f47697856f60b225e409bf632a094111e58ca543635541c
                                                                                        • Instruction Fuzzy Hash: 75E04F30915208DFDB50FF60DD09AADBB75EB4B702F1060E4DC0563295EBB52950CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 144f9a5c05a9381c005516d655bd9509046f90ab63ab2b1c5ad99c278ea1f89b
                                                                                        • Instruction ID: a8aa65bbaf081d7f9a829f346621d69c733655952fd7f7da4668b5386c694a5a
                                                                                        • Opcode Fuzzy Hash: 144f9a5c05a9381c005516d655bd9509046f90ab63ab2b1c5ad99c278ea1f89b
                                                                                        • Instruction Fuzzy Hash: 71E07574D5830D8FCB119BA88450AADBBF8FF2A304F646529D05AEB302D63494429B45
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e20baf6308794f4bd4472943012cd26ed6ba75c38191786e2196fc285fb6dcd6
                                                                                        • Instruction ID: c77aea95551e998748a75b4acab9a17b75d6f248f03478a56ca05309ea13d3a3
                                                                                        • Opcode Fuzzy Hash: e20baf6308794f4bd4472943012cd26ed6ba75c38191786e2196fc285fb6dcd6
                                                                                        • Instruction Fuzzy Hash: 85D05E3090928A5BEB119F31E84452CFFB0EB4A311F1482CFCC8427582EB725490C750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279255322.0000000000692000.00000040.00000001.sdmp, Offset: 00692000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: db8391c2c43d58d702427f14fbcfe419251f3a1afa75f11a2677d447aec3eabc
                                                                                        • Instruction ID: 3aace7257369a3670533dcfa7a3cd29f6cede23f191f1f03f4c90660df06a1d2
                                                                                        • Opcode Fuzzy Hash: db8391c2c43d58d702427f14fbcfe419251f3a1afa75f11a2677d447aec3eabc
                                                                                        • Instruction Fuzzy Hash: F5D05E79205A825FD7268A1CC1B8B953BD9EF61B04F4644F9E8008BB63C368D9D1D200
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279255322.0000000000692000.00000040.00000001.sdmp, Offset: 00692000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ca90cc523fd651882c147df8be38cada5a383173ab47ea2ecd90912ab0d3e2c4
                                                                                        • Instruction ID: 8dc77342a3d9b1a5687f950ebffc1fe45c1c20782c104fc4bae479766757cb19
                                                                                        • Opcode Fuzzy Hash: ca90cc523fd651882c147df8be38cada5a383173ab47ea2ecd90912ab0d3e2c4
                                                                                        • Instruction Fuzzy Hash: B2D05E342012824BCB15DB1CC1A4F9937D9AB41B00F0644E9AC008B762C3A8EC81C600
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.288087677.0000000006280000.00000040.00000001.sdmp, Offset: 06280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 209ecfe8bf5d9f218aad4fb8e41ecf9bd270c467969709da015d2fd1f4e799cc
                                                                                        • Instruction ID: d8e961ee563bb27f22c4c4510e2d46628c7c9363d0f4bd3048ed0248e7d323fb
                                                                                        • Opcode Fuzzy Hash: 209ecfe8bf5d9f218aad4fb8e41ecf9bd270c467969709da015d2fd1f4e799cc
                                                                                        • Instruction Fuzzy Hash: 37D06C70D05658CFCBA5DF24C8846D8BBB6AB59305F6041D98508AA350DBB45AC4CF80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 9
                                                                                        • API String ID: 0-2366072709
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Lyj
                                                                                        • API String ID: 0-3579569999
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Lyj
                                                                                        • API String ID: 0-3579569999
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.279412605.00000000008C0000.00000040.00000001.sdmp, Offset: 008C0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Lyj
                                                                                        • API String ID: 0-3579569999
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Executed Functions

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: r
                                                                                        • API String ID: 0-1812594589
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • bind.WS2_32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF2B87
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: bind
                                                                                        • String ID:
                                                                                        • API String ID: 1187836755-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • AdjustTokenPrivileges.KERNELBASE ref: 04EF143F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: AdjustPrivilegesToken
                                                                                        • String ID:
                                                                                        • API String ID: 2874748243-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04EF1871
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InformationQuerySystem
                                                                                        • String ID:
                                                                                        • API String ID: 3562636166-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • bind.WS2_32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF2B87
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: bind
                                                                                        • String ID:
                                                                                        • API String ID: 1187836755-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 04EF15AD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InformationProcess
                                                                                        • String ID:
                                                                                        • API String ID: 1801817001-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • AdjustTokenPrivileges.KERNELBASE ref: 04EF143F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: AdjustPrivilegesToken
                                                                                        • String ID:
                                                                                        • API String ID: 2874748243-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemInfo.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF164C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InfoSystem
                                                                                        • String ID:
                                                                                        • API String ID: 31276548-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 04EF15AD
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InformationProcess
                                                                                        • String ID:
                                                                                        • API String ID: 1801817001-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 04EF1871
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InformationQuerySystem
                                                                                        • String ID:
                                                                                        • API String ID: 3562636166-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00DAAFEA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • getaddrinfo.WS2_32(?,00000E2C), ref: 04EF29EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: getaddrinfo
                                                                                        • String ID:
                                                                                        • API String ID: 300660673-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Socket
                                                                                        • String ID:
                                                                                        • API String ID: 38366605-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 04EF1B7E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04EF0F5B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExA.KERNEL32(?,00000E2C), ref: 04EF045E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTempFileNameW.KERNEL32(?,00000E2C,?,?), ref: 04EF0D1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileNameTemp
                                                                                        • String ID:
                                                                                        • API String ID: 745986568-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 04EF0899
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 00DAAAB1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetExitCodeProcess.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF105C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CodeExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3861947596-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FormatMessageW.KERNEL32(?,00000E2C,?,?), ref: 04EF3136
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FormatMessage
                                                                                        • String ID:
                                                                                        • API String ID: 1306739567-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateMutexW.KERNEL32(?,?), ref: 04EF019D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateMutex
                                                                                        • String ID:
                                                                                        • API String ID: 1964310414-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 00DAABB4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 04EF229B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DescriptorSecurity$ConvertString
                                                                                        • String ID:
                                                                                        • API String ID: 3907675253-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileView
                                                                                        • String ID:
                                                                                        • API String ID: 3314676101-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00DAA1C2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Startup
                                                                                        • String ID:
                                                                                        • API String ID: 724789610-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF055C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • getaddrinfo.WS2_32(?,00000E2C), ref: 04EF29EB
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: getaddrinfo
                                                                                        • String ID:
                                                                                        • API String ID: 300660673-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 04EF0F5B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegOpenKeyExA.KERNEL32(?,00000E2C), ref: 04EF0353
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • OpenFileMappingW.KERNELBASE(?,?), ref: 04EF2445
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileMappingOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1680863896-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetFileType.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF0985
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileType
                                                                                        • String ID:
                                                                                        • API String ID: 3081899298-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 04EF229B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DescriptorSecurity$ConvertString
                                                                                        • String ID:
                                                                                        • API String ID: 3907675253-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 04EF0899
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFile
                                                                                        • String ID:
                                                                                        • API String ID: 823142352-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExA.KERNEL32(?,00000E2C), ref: 04EF045E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • setsockopt.WS2_32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF0A51
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: setsockopt
                                                                                        • String ID:
                                                                                        • API String ID: 3981526788-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegSetValueExW.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF0C10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04EF12BE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegOpenKeyExW.KERNEL32(?,00000E2C), ref: 00DAAAB1
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateMutexW.KERNEL32(?,?), ref: 04EF019D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateMutex
                                                                                        • String ID:
                                                                                        • API String ID: 1964310414-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileA.KERNEL32(?,00000E2C), ref: 04EF114B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CopyFileW.KERNEL32(?,?,?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF0B1E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CopyFile
                                                                                        • String ID:
                                                                                        • API String ID: 1304948518-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateDirectoryW.KERNEL32(?,?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF079F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory
                                                                                        • String ID:
                                                                                        • API String ID: 4241100979-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 00DAABB4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • OpenFileMappingW.KERNELBASE(?,?), ref: 04EF2445
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileMappingOpen
                                                                                        • String ID:
                                                                                        • API String ID: 1680863896-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF14F8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Socket
                                                                                        • String ID:
                                                                                        • API String ID: 38366605-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileView
                                                                                        • String ID:
                                                                                        • API String ID: 3314676101-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF055C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF0264
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegSetValueExW.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF0C10
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Value
                                                                                        • String ID:
                                                                                        • API String ID: 3702945584-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 04EF1202
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: KernelObjectSecurity
                                                                                        • String ID:
                                                                                        • API String ID: 3015937269-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetExitCodeProcess.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF105C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CodeExitProcess
                                                                                        • String ID:
                                                                                        • API String ID: 3861947596-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?), ref: 00DAB841
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DAA58A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileA.KERNEL32(?,00000E2C), ref: 04EF114B
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • setsockopt.WS2_32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF0A51
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: setsockopt
                                                                                        • String ID:
                                                                                        • API String ID: 3981526788-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegOpenKeyExA.KERNEL32(?,00000E2C), ref: 04EF0353
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Open
                                                                                        • String ID:
                                                                                        • API String ID: 71445658-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • K32EnumProcesses.KERNEL32(?,?,?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF17B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: EnumProcesses
                                                                                        • String ID:
                                                                                        • API String ID: 84517404-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DispatchMessageW.USER32(?), ref: 00DABE70
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID:
                                                                                        • API String ID: 2061451462-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 00DAB78A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFromIconResource
                                                                                        • String ID:
                                                                                        • API String ID: 3668623891-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileW.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00DABF0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetSystemInfo.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF164C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: InfoSystem
                                                                                        • String ID:
                                                                                        • API String ID: 31276548-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CopyFileW.KERNEL32(?,?,?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF0B1E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CopyFile
                                                                                        • String ID:
                                                                                        • API String ID: 1304948518-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 04EF12BE
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LookupPrivilegeValue
                                                                                        • String ID:
                                                                                        • API String ID: 3899507212-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateDirectoryW.KERNEL32(?,?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF079F
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateDirectory
                                                                                        • String ID:
                                                                                        • API String ID: 4241100979-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetFileType.KERNEL32(?,00000E2C,7E38512A,00000000,00000000,00000000,00000000), ref: 04EF0985
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileType
                                                                                        • String ID:
                                                                                        • API String ID: 3081899298-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: closesocket
                                                                                        • String ID:
                                                                                        • API String ID: 2781271927-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • K32EnumProcesses.KERNEL32(?,?,?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF17B2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: EnumProcesses
                                                                                        • String ID:
                                                                                        • API String ID: 84517404-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,?,?), ref: 00DAA926
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1378638983-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FormatMessageW.KERNEL32(?,00000E2C,?,?), ref: 04EF3136
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FormatMessage
                                                                                        • String ID:
                                                                                        • API String ID: 1306739567-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetTempFileNameW.KERNEL32(?,00000E2C,?,?), ref: 04EF0D1A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileNameTemp
                                                                                        • String ID:
                                                                                        • API String ID: 745986568-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DeleteFileW.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00DABF0C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DeleteFile
                                                                                        • String ID:
                                                                                        • API String ID: 4033686569-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00DAA1C2
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: Startup
                                                                                        • String ID:
                                                                                        • API String ID: 724789610-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetKernelObjectSecurity.KERNELBASE(?,?,?), ref: 04EF1202
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: KernelObjectSecurity
                                                                                        • String ID:
                                                                                        • API String ID: 3015937269-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00DAA58A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DuplicateHandle
                                                                                        • String ID:
                                                                                        • API String ID: 3793708945-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?), ref: 00DAB78A
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: CreateFromIconResource
                                                                                        • String ID:
                                                                                        • API String ID: 3668623891-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF14F8
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • RegQueryValueExW.KERNEL32(?,00000E2C,?,?), ref: 04EF1B7E
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: QueryValue
                                                                                        • String ID:
                                                                                        • API String ID: 3660427363-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 04EF0264
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.505639154.0000000004EF0000.00000040.00000001.sdmp, Offset: 04EF0000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00DAAFEA
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: NameUser
                                                                                        • String ID:
                                                                                        • API String ID: 2645101109-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessagePost
                                                                                        • String ID:
                                                                                        • API String ID: 410705778-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: closesocket
                                                                                        • String ID:
                                                                                        • API String ID: 2781271927-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SendMessageW.USER32(?,?,?,?), ref: 00DAB841
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: MessageSend
                                                                                        • String ID:
                                                                                        • API String ID: 3850602802-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetWindowLongW.USER32(?,?,?), ref: 00DAA926
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: LongWindow
                                                                                        • String ID:
                                                                                        • API String ID: 1378638983-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • SetErrorMode.KERNEL32(?,7E38512A,00000000,?,?,?,?,?,?,?,?,72B13C38), ref: 00DAA3A4
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ErrorMode
                                                                                        • String ID:
                                                                                        • API String ID: 2340568224-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • DispatchMessageW.USER32(?), ref: 00DABE70
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497780003.0000000000DAA000.00000040.00000001.sdmp, Offset: 00DAA000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: DispatchMessage
                                                                                        • String ID:
                                                                                        • API String ID: 2061451462-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: r*+
                                                                                        • API String ID: 0-3221063712
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: r*+
                                                                                        • API String ID: 0-3221063712
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8Xq
                                                                                        • API String ID: 0-781766932
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8Xq
                                                                                        • API String ID: 0-781766932
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1a6f4baf7c84440e31540c9164702dbea714d2055452884a22a82d0bd9fde2dc
                                                                                        • Instruction ID: c8a84466825fbe7f4f4e8048bead80d8b03ca0fe4c2983a54d13770322bcc451
                                                                                        • Opcode Fuzzy Hash: 1a6f4baf7c84440e31540c9164702dbea714d2055452884a22a82d0bd9fde2dc
                                                                                        • Instruction Fuzzy Hash: 1E413831648350CFC7086B79EC1996D3BA6BFC1306B158A69F502DA3B5DF618C418BB6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c8854bfe94f2f4bf405a993cb0a6ad8ba2eb28b76bd62fb7e8d0f40717435709
                                                                                        • Instruction ID: 74db6f87d1700cf00b6eea32a0d03e7352cb88cf66b1457cc32eed4497e142a0
                                                                                        • Opcode Fuzzy Hash: c8854bfe94f2f4bf405a993cb0a6ad8ba2eb28b76bd62fb7e8d0f40717435709
                                                                                        • Instruction Fuzzy Hash: 27510A34A00215CFCB14EB78C598BADBBF2BF85304F6546B9D40A9B295DF319C41CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 05d71980e51362b348856cd08a3337f4b79cd46ff43c9b31536c587bfa1fdbd2
                                                                                        • Instruction ID: cd1af2d679a333942b5713408b7e157c2150ddafb866b31120960e935ba20c8b
                                                                                        • Opcode Fuzzy Hash: 05d71980e51362b348856cd08a3337f4b79cd46ff43c9b31536c587bfa1fdbd2
                                                                                        • Instruction Fuzzy Hash: 8D41B331B04114CFCB199B68C414AAE7BE6EFC5311F15846AE906EF7A1CEB29D0AC791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e9e1a002c7e9b52ce8513b679401d225a959302fc9ba1853ac1840fbf599dabc
                                                                                        • Instruction ID: 282e26f06d1502cb13a892ce6f536b0b5a67759899dbd17e01cf170ec5075ccc
                                                                                        • Opcode Fuzzy Hash: e9e1a002c7e9b52ce8513b679401d225a959302fc9ba1853ac1840fbf599dabc
                                                                                        • Instruction Fuzzy Hash: E451E435A00218CFDB14EF68C894B9DBBB2BF89304F5040E9D40AAB366DB359D89CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 921153a4a37d729b07361c641489b0d5e4815926e4c9aaeb47c47c707e637183
                                                                                        • Instruction ID: 13efa5ae5a53a53ce346ca94ce42e73edc30e57365ed23e68067ba93f74d426b
                                                                                        • Opcode Fuzzy Hash: 921153a4a37d729b07361c641489b0d5e4815926e4c9aaeb47c47c707e637183
                                                                                        • Instruction Fuzzy Hash: 97419F31B04300CFDB046BF59815B3E269A6FE8621BD6896AE502DB394EF35DC01CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8f55d77f4390f13e1c74cfdb371ad8f32d2aa722efe77cf8d3f54af3655dcc98
                                                                                        • Instruction ID: 979d99b16b0d9ddeb91f64c931ce723bd60ec978aeefd57e44a0c7d281e07aa2
                                                                                        • Opcode Fuzzy Hash: 8f55d77f4390f13e1c74cfdb371ad8f32d2aa722efe77cf8d3f54af3655dcc98
                                                                                        • Instruction Fuzzy Hash: 8C41B271E00A658BCB14DBA9D4905AEFBF2FF88314B10892EE45AD7740DB35ED418B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cfa1f42d91796516f89d547b04d8b92eefa1541285101b238404c8f762e00717
                                                                                        • Instruction ID: de5e2990077bbf23975f924b29d47cdb05db0d0613476a45f677ac9ec29b8839
                                                                                        • Opcode Fuzzy Hash: cfa1f42d91796516f89d547b04d8b92eefa1541285101b238404c8f762e00717
                                                                                        • Instruction Fuzzy Hash: 42418E36A01204DFCB15AB79D46156D7BB3BF8E7003544268E806EB396DF329C45CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 54e587d71e6a4bc9533eee98ab9cd08a3ef689cfff4d1bb9389f75c6a16779dd
                                                                                        • Instruction ID: 189f32626f27c290e25d8dfa17952f98311e42c190534d1f76e0ddfe02e50346
                                                                                        • Opcode Fuzzy Hash: 54e587d71e6a4bc9533eee98ab9cd08a3ef689cfff4d1bb9389f75c6a16779dd
                                                                                        • Instruction Fuzzy Hash: DD418F36B01204DFC705AB69D06156D7BB3BF8D7113544268E906E7386EF329C41CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 671e30ff64384ef78a23543ea5736204b4bf1f5126d70ea81fa012aeb2ed86b6
                                                                                        • Instruction ID: 4014280d4d5d0b5c625eba47791e9befd7023a95a280be6f0f5014e5f6871adf
                                                                                        • Opcode Fuzzy Hash: 671e30ff64384ef78a23543ea5736204b4bf1f5126d70ea81fa012aeb2ed86b6
                                                                                        • Instruction Fuzzy Hash: 96418B30B05205CFDB18CB68C164BAE7FB2EF88304F144869D606AB7A0DF75AC40CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e45086a43da9ee44c25b1d7b932e63e690ccb5da16d122a60328b09f25fd3a98
                                                                                        • Instruction ID: 8d6fa8c54e7f6e0c7a2fa6aa41449354ac2b5b192b0b40b506e1681b5919371f
                                                                                        • Opcode Fuzzy Hash: e45086a43da9ee44c25b1d7b932e63e690ccb5da16d122a60328b09f25fd3a98
                                                                                        • Instruction Fuzzy Hash: 73414F35B00615DFCB04DBA9D898AADB7F6FF84305F258169E1069B365DF31AC02CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c719bf97760eef9d4ca792ba0b04cabf3bc4be605f9e5d6331f31e68b5590ff
                                                                                        • Instruction ID: 82e689d19711b912f84871845d074d8377815d89006756dba608fd982896b6f9
                                                                                        • Opcode Fuzzy Hash: 5c719bf97760eef9d4ca792ba0b04cabf3bc4be605f9e5d6331f31e68b5590ff
                                                                                        • Instruction Fuzzy Hash: 6C31C136604215DFCB01EF68EC549AD7BF2FF8830471485A9E4069B37ADF31A816DB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d156e7bb359808a24ff6f0ac52d3674e410b2e4f4c93c387f0e63f9fecca85a8
                                                                                        • Instruction ID: 83494c2e41c615c99ffa364407beaa686b4f5ab9862be9be2e09b7789283fe3c
                                                                                        • Opcode Fuzzy Hash: d156e7bb359808a24ff6f0ac52d3674e410b2e4f4c93c387f0e63f9fecca85a8
                                                                                        • Instruction Fuzzy Hash: B2315A71B01209DFCB54DFA8C544EAEFBF6BB88210F149669E44AA7342DB35E845CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8d2fe3103a8fa32a07629f17a5cc9005914baf701d1155bf7443b608dc8b0aa3
                                                                                        • Instruction ID: c42bd4c29d7bc2d86e308acf600fcde91d1767c93fd319363b20e579737e866d
                                                                                        • Opcode Fuzzy Hash: 8d2fe3103a8fa32a07629f17a5cc9005914baf701d1155bf7443b608dc8b0aa3
                                                                                        • Instruction Fuzzy Hash: 50410374A04218DFCB64DB68D894BADBBB1BF49344F0044EAD40EAB755DB309D84CF62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3456a02b151e1d095b3a8c87fd7ddbf3cfe3c7e73daaae019a13fa0eda5a9ce
                                                                                        • Instruction ID: 4981c2e160c4f23fdc0b594b9757f3e53b68aa381bcacbcb1ac5167d486f75b7
                                                                                        • Opcode Fuzzy Hash: e3456a02b151e1d095b3a8c87fd7ddbf3cfe3c7e73daaae019a13fa0eda5a9ce
                                                                                        • Instruction Fuzzy Hash: 9F21B171B141048FCB089BF98450ABE7BE7AF98311B56497AD407EB341DE358D02CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6eb172286c26a6b34647da9e34f2a3a18f620fbcb2c05971f56fb1682787ba34
                                                                                        • Instruction ID: 55201f1ce2a89d3f172f604e593508112b446aacdfe3bbb9918dc1a50c3ee12c
                                                                                        • Opcode Fuzzy Hash: 6eb172286c26a6b34647da9e34f2a3a18f620fbcb2c05971f56fb1682787ba34
                                                                                        • Instruction Fuzzy Hash: 1D217E31B00119DFDB14DAA9D881FFEB3BDFB88204F105526E61AE3244EB705914CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8c78deafa5d6361bb87e7be5e002001d08415e1a19bb349854ede3b62b768fab
                                                                                        • Instruction ID: a3fbf3359b5fafb94a3322789329ed6e4506a5b9e2f6784ac487a6968d03bb4d
                                                                                        • Opcode Fuzzy Hash: 8c78deafa5d6361bb87e7be5e002001d08415e1a19bb349854ede3b62b768fab
                                                                                        • Instruction Fuzzy Hash: 0B314B31A042088FCB04DBB9C4549DEBBF3AF88310B15856AC80AAB355EF31AD06CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c9ae8e5f7debd890cff1d6c49e0a92d18dc8c282a67b73801fae7630369c832b
                                                                                        • Instruction ID: fd0b740c95dff3fdb35c3d8010693e4b9a4d1055af851417a7a852e05aa4f604
                                                                                        • Opcode Fuzzy Hash: c9ae8e5f7debd890cff1d6c49e0a92d18dc8c282a67b73801fae7630369c832b
                                                                                        • Instruction Fuzzy Hash: B7410970504B52DFD339CB3AC540B66BBF2BF89309F14C86EC59A86EA0DB75A446CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 004fca43ed3b5df84336e0f6f9c2ec5e4c14d819ded92bf995253001b60ffb4e
                                                                                        • Instruction ID: 3831f931e991253c28fb033575925bb23042312a48f2e4669ffb9e4a8dd2e4ae
                                                                                        • Opcode Fuzzy Hash: 004fca43ed3b5df84336e0f6f9c2ec5e4c14d819ded92bf995253001b60ffb4e
                                                                                        • Instruction Fuzzy Hash: 3631413150D3C2CFC706AB7888655693FF1EF46304B0949EAD185CB2A7EB389849CB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 372aff276979d857eb08e470451124c14f10bb048119784db574cdd41b81b6b3
                                                                                        • Instruction ID: 37a056dbe05f41f3bcaf9bcab5fcac53ce748f3d0fe535e733d7290d411ad699
                                                                                        • Opcode Fuzzy Hash: 372aff276979d857eb08e470451124c14f10bb048119784db574cdd41b81b6b3
                                                                                        • Instruction Fuzzy Hash: E111D071B001049BCB08A7FAC850D7FB6EBAFD8B18BD1493AD4029B355DD719C0187A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a63743a9ede23859b70e9134a1d59edb8a7ddae57091c6544da90916c20001b2
                                                                                        • Instruction ID: d4df1ade69ca7e61c34d4c2bd777c9efade9a5094c1f3a5f076e81730aa4f279
                                                                                        • Opcode Fuzzy Hash: a63743a9ede23859b70e9134a1d59edb8a7ddae57091c6544da90916c20001b2
                                                                                        • Instruction Fuzzy Hash: E6119075B84214DFCB28DE64D951EAF7BB6FF88741F10492AE042AB244EF70AD40C7A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5c3ea3a902ce8fc3d225750ba96d3b7a07e3258b7786a1979354964b7d5a2b79
                                                                                        • Instruction ID: 9d845b71991b4ac3ddd6f05e6003c7cb0ec497eb6fe08b813212f7ab2e6b281e
                                                                                        • Opcode Fuzzy Hash: 5c3ea3a902ce8fc3d225750ba96d3b7a07e3258b7786a1979354964b7d5a2b79
                                                                                        • Instruction Fuzzy Hash: 65214235A00118DFCB54DF68C551DBEB7F5FB48720B20856AE686A7240DB35AD01CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e4190eeb288000cd7e45d6d18b76babffbe10ec7b9e3da3981ede8a49bad60d9
                                                                                        • Instruction ID: ca07f91eede5fc8568ab357dc65498e33ea360ea91d45f52f1f5369527a82c19
                                                                                        • Opcode Fuzzy Hash: e4190eeb288000cd7e45d6d18b76babffbe10ec7b9e3da3981ede8a49bad60d9
                                                                                        • Instruction Fuzzy Hash: 5911A236A04115CFCB54EBB8846076E7BE1EB88710B954579D90AD7345EF30AC01CBE5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 45c95c0df247d478d9fd3ec84f61432f41d31d04db013f0d873b995add57dbe3
                                                                                        • Instruction ID: 46af355176860d5151348218668407d820ee6c4bda08e20d8df03e20110372f7
                                                                                        • Opcode Fuzzy Hash: 45c95c0df247d478d9fd3ec84f61432f41d31d04db013f0d873b995add57dbe3
                                                                                        • Instruction Fuzzy Hash: 4D11E332E081408BCF059B6994206AFBBBA9FC6311F05417AAD06DB390EE619815CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499587217.0000000002960000.00000040.00000040.sdmp, Offset: 02960000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a97116040850cf36ec0e9865763608108b7e9f7d18cce8fce3cc848c2075e72a
                                                                                        • Instruction ID: b80b9c3b439ec35ada7322f159c1249a20d013f5bfa6b8507af055b5fbd0da28
                                                                                        • Opcode Fuzzy Hash: a97116040850cf36ec0e9865763608108b7e9f7d18cce8fce3cc848c2075e72a
                                                                                        • Instruction Fuzzy Hash: F2214F3514D3C58FD713CB24D8A4766BFB1AF47214F1985DED4858B6A3C32A8817CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bc5f5ea0f9f2a31d68adc1383059e32b6446e9897f4e96f63532c181771d4874
                                                                                        • Instruction ID: 1f2b3333846d5291885a4dc66529ed88d5132a46c4109947148ef6de98bb74e4
                                                                                        • Opcode Fuzzy Hash: bc5f5ea0f9f2a31d68adc1383059e32b6446e9897f4e96f63532c181771d4874
                                                                                        • Instruction Fuzzy Hash: E3215E34604214CFCB24DF79D490AADB7B2FF84314B5086A9D84A9B346DF30E802CF51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bd6485c82858d1eeef7750caf3608235b7a174e58f12d81ae1577dd61f996310
                                                                                        • Instruction ID: bd43f08e48b00581e7fb2e5eb8fa8741e54534ace1f8ab6d68981a14ff94d5a9
                                                                                        • Opcode Fuzzy Hash: bd6485c82858d1eeef7750caf3608235b7a174e58f12d81ae1577dd61f996310
                                                                                        • Instruction Fuzzy Hash: 62115E35905108DFCF54DF68C981EBEBBF9FB48320B11856AE68AE3641DB35AD01CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a12847b1adf0b25232312d828374fcd408e3d81c73ff210c676408d56ac41df5
                                                                                        • Instruction ID: 30b66b65d7a507bcd4c742a0813eb96d7aba90b402433c28dbfda4d340af9d98
                                                                                        • Opcode Fuzzy Hash: a12847b1adf0b25232312d828374fcd408e3d81c73ff210c676408d56ac41df5
                                                                                        • Instruction Fuzzy Hash: 2C115171B011109FC748EB79C450E6E7BEBAFC8754714816AE806DB355DF32AC12C7A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 607f3637e888bac9d269e63f2ca9df52ad5ad3840694b9dbc0516785088dff4e
                                                                                        • Instruction ID: 865dd656178858c2a68675d7bd4fcffa2c006a5354475793194932ae5ff3d66d
                                                                                        • Opcode Fuzzy Hash: 607f3637e888bac9d269e63f2ca9df52ad5ad3840694b9dbc0516785088dff4e
                                                                                        • Instruction Fuzzy Hash: B1118F32A54204CFD714EFB5E851EBE7BB5FB48340F60457AD404AB389EB329902CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3e3be11211f0e4e4b9c7e70e3d3e3e6e69220d9a943eb55ff7d75862c2f326ca
                                                                                        • Instruction ID: f377aec88765b56f02baa46fa78b72fa0cd4f46bc0b2c5e042140b5e1e1e5761
                                                                                        • Opcode Fuzzy Hash: 3e3be11211f0e4e4b9c7e70e3d3e3e6e69220d9a943eb55ff7d75862c2f326ca
                                                                                        • Instruction Fuzzy Hash: 81119870309201CFC714BB28C51097E7BA2DFC17047848A6EA04B9B341DF76EC06C766
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b96a2d3d7dc0917f2a673a9118d28573f872d4b127d6465bc727160aeb7bc8ab
                                                                                        • Instruction ID: 5605454087451c13b2261d07b71d575992edeba23e92302979eaf6533f567731
                                                                                        • Opcode Fuzzy Hash: b96a2d3d7dc0917f2a673a9118d28573f872d4b127d6465bc727160aeb7bc8ab
                                                                                        • Instruction Fuzzy Hash: D7110A38300601AFC628DA55D990E66B3EAEF8C714B14C91AD95A87B50CB71FC52CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499587217.0000000002960000.00000040.00000040.sdmp, Offset: 02960000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4fdd1aaaac22a540cae687764ff3ecd407b0455b80cdd942706e26ec1d10825f
                                                                                        • Instruction ID: 32dac1cce8d36c0635c0033c1898d856cb7bf945d355f532ef9d35b663ce3faa
                                                                                        • Opcode Fuzzy Hash: 4fdd1aaaac22a540cae687764ff3ecd407b0455b80cdd942706e26ec1d10825f
                                                                                        • Instruction Fuzzy Hash: B711E430204244DFE705CB14C888B36BBD5FB88708F24C99CE9495B782C37BD813CA91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f06de415d592f1137858cf8b551ac6f2e45c755e06552abb521bc4e71a899a7d
                                                                                        • Instruction ID: 170d07ee2addb0d576f02b55f4c285d6062bf991124081f1e82f7969c7263fea
                                                                                        • Opcode Fuzzy Hash: f06de415d592f1137858cf8b551ac6f2e45c755e06552abb521bc4e71a899a7d
                                                                                        • Instruction Fuzzy Hash: BB11AC31304254EFD704AB39A858B3D3BABEBC9712F550969E506DB388EE309C46C7A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e38fecddcff0759144ce345066385fb28baf8871115126fbb9c31409bdcde684
                                                                                        • Instruction ID: 0023e8ff842c6105f164b52d6b325c8475d9c2ebea5907df989497c2600c56b0
                                                                                        • Opcode Fuzzy Hash: e38fecddcff0759144ce345066385fb28baf8871115126fbb9c31409bdcde684
                                                                                        • Instruction Fuzzy Hash: 6C11A135308190CFC7069B38C468D6A7FF5AF9A20071945EBD84ACB2B6CE658C49CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9fdfcc2909dd8427851f178ca5f239b194e0e5b3dfffbf6c32ee467fd9cce4e8
                                                                                        • Instruction ID: 799c4254e16f04ae0fe87bca7dcff0ff9db8fb0797985ab58091af044bdae042
                                                                                        • Opcode Fuzzy Hash: 9fdfcc2909dd8427851f178ca5f239b194e0e5b3dfffbf6c32ee467fd9cce4e8
                                                                                        • Instruction Fuzzy Hash: 52019E71B01210EBCB0827B99819A2E7A9BFBCD764B50493AF406D3741DD358C0283B0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1ca9430fe9569ec0cd7ebb8af4aabe4abc95631a65fde6e77b324e74ca5bf865
                                                                                        • Instruction ID: e6eab9c099e300792c87727154ba2a35c5dd81a58b15c06af9ee55d92117c06d
                                                                                        • Opcode Fuzzy Hash: 1ca9430fe9569ec0cd7ebb8af4aabe4abc95631a65fde6e77b324e74ca5bf865
                                                                                        • Instruction Fuzzy Hash: 4701D636E04205CFCB50DBB85862BFE7BE0EB98210B95447AD409D3281EF205542CFE2
                                                                                        Uniqueness

                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8add198be26ffa3961bc8574817a49f17127d757e62be692eb5da22f1c2fdaa1
                                                                                        • Instruction ID: 4024adcce74fc4fb0aa295f8e162d1634958dd15f493452c422d2e838f8b10fe
                                                                                        • Opcode Fuzzy Hash: 8add198be26ffa3961bc8574817a49f17127d757e62be692eb5da22f1c2fdaa1
                                                                                        • Instruction Fuzzy Hash: 54F04631205201AFC704AB38E8266B93FABEBC635970D852EF00AC7740DE328C03C3A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 89032ad2240d39eb93b2843dd80f8255ad2c0a351a960419a96f59cb7074524a
                                                                                        • Instruction ID: 7932ca9ddd0739eb4dc16fa3dd3f79340a63f75be5e65032a9db5f36608d4a4d
                                                                                        • Opcode Fuzzy Hash: 89032ad2240d39eb93b2843dd80f8255ad2c0a351a960419a96f59cb7074524a
                                                                                        • Instruction Fuzzy Hash: ACF0E97174811857C64466AD5C90EBEAA8AFBC53307604A39B11A9F3C4DE608C01C3B2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c9930808cd33bfc092cba0600f29c67cb0610950d89fce3a7f7b02451a1a9987
                                                                                        • Instruction ID: e471a60806c59af1dc31aaa5de5f80e4b8ccfe877ba86d80c264d922b0daa934
                                                                                        • Opcode Fuzzy Hash: c9930808cd33bfc092cba0600f29c67cb0610950d89fce3a7f7b02451a1a9987
                                                                                        • Instruction Fuzzy Hash: 66F04972E041049F8B40EFBC984569E7BE6AF89264B2601BAC408E3341EA319902CBE5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3913398c342f2d3276806ecf5269ee9a5f20a919fe5759f72f7eb6cf9b9c28b4
                                                                                        • Instruction ID: 6899a02e3f88cb7ce2a0c6ebe164326e83d4f61694b4a7125f4f6e11b26d0200
                                                                                        • Opcode Fuzzy Hash: 3913398c342f2d3276806ecf5269ee9a5f20a919fe5759f72f7eb6cf9b9c28b4
                                                                                        • Instruction Fuzzy Hash: 62F08C31700214DBC704BB38D42692D7BA6EB88319B148969E50AD7758EF31DC42C7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0c73024f877bbe79462e97366545e24e14f1dd62ccf24cb85a83b98c53011b5
                                                                                        • Instruction ID: 58accb5f5ad053ca10acc4f8584af6d1e736511fc2eef008a5b437d792fb5f4e
                                                                                        • Opcode Fuzzy Hash: c0c73024f877bbe79462e97366545e24e14f1dd62ccf24cb85a83b98c53011b5
                                                                                        • Instruction Fuzzy Hash: E0F09071E08245CFC700D778AC85CAEBFB2FE81200B1449F7D006E7111DA314905CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8891d6b8e27f61fd30f3eea9ec87ddfe9e8fa2373c6cbc4352e6d801ef81f95
                                                                                        • Instruction ID: f12c69bf92fddd5c43aba701ed0dccaba7af13e47dffe94b99077c5af7cd16cb
                                                                                        • Opcode Fuzzy Hash: e8891d6b8e27f61fd30f3eea9ec87ddfe9e8fa2373c6cbc4352e6d801ef81f95
                                                                                        • Instruction Fuzzy Hash: 67F0E9B1B04114DBDB1C9229D810EBF7BED97C6690F000C6BC90793340EE605A05C2D6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9378d5a431fba124af857719623526212c012177ea13586a4ff95b7ef0375c21
                                                                                        • Instruction ID: eb2fccd2a9e1ac761e34a206431fe2462a349263bf637deb0b953004dafd9341
                                                                                        • Opcode Fuzzy Hash: 9378d5a431fba124af857719623526212c012177ea13586a4ff95b7ef0375c21
                                                                                        • Instruction Fuzzy Hash: 78F0BE71F402199F8F50EFF85849AEFBFF8EE94214B51453AE00AD3180FA308101CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 511292ac6d1ffb2801ed0542aa1e5afc7dc68544667bf045c36e86775be24c39
                                                                                        • Instruction ID: 652d4e092f1d5b8f7d65255f8d55f622475dc7cac6cf50cc468441c45329f850
                                                                                        • Opcode Fuzzy Hash: 511292ac6d1ffb2801ed0542aa1e5afc7dc68544667bf045c36e86775be24c39
                                                                                        • Instruction Fuzzy Hash: 8FF0A7363091909FC71653B86460FB93FB59BC7610F1514BFE506CB692DD664C02C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8d60cf7b3b4158a56ca6c08e7d042918ea1839fc73128b0dc1bdc8511de93255
                                                                                        • Instruction ID: dfef6a8822bb151d586472f9ea6ebfd8c96c339fb42135b4822f200b0872200e
                                                                                        • Opcode Fuzzy Hash: 8d60cf7b3b4158a56ca6c08e7d042918ea1839fc73128b0dc1bdc8511de93255
                                                                                        • Instruction Fuzzy Hash: 64F05C3260422867EB21115BDC88FB66ECDB784328F054B7DEDCBD7742DD444800C265
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: af0901e57b2ef5e0418e71bc78942cb12b8fbf5095c02fd1f08b9d38a8deb1fd
                                                                                        • Instruction ID: ac3ee5c7038c96ca772a532571da0982f69041542b1a17a159d771081a879cc2
                                                                                        • Opcode Fuzzy Hash: af0901e57b2ef5e0418e71bc78942cb12b8fbf5095c02fd1f08b9d38a8deb1fd
                                                                                        • Instruction Fuzzy Hash: 37F0E773158205CFC200F769FAA1E693B76BB887107609AB590024775EEF702909CB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ae152b913d34605b9c0b757d128234308d2bb4fb64a6ced6727ba2e5bde00975
                                                                                        • Instruction ID: ac1c563a0f4c92873fc0013bfd69cbdc51d0e9ab176712ce86cf91c9c111a059
                                                                                        • Opcode Fuzzy Hash: ae152b913d34605b9c0b757d128234308d2bb4fb64a6ced6727ba2e5bde00975
                                                                                        • Instruction Fuzzy Hash: 67F0A7B2A0C545CFDB0016A56811AFC7F6CEBC2251F140A6BD607D6751DF944845CF66
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0ac4007e4916b0f97b4c274b0ef90e571932433dd8717c44debbe5956428daca
                                                                                        • Instruction ID: d63c8cf9d9a0d61ad2ef2e29579c0ffb52388690c102ba4e80821fd7fe957f0d
                                                                                        • Opcode Fuzzy Hash: 0ac4007e4916b0f97b4c274b0ef90e571932433dd8717c44debbe5956428daca
                                                                                        • Instruction Fuzzy Hash: 8CF0E231E093999FCB11DBB85C53AAFBFF8EB8A200F1400BFE108D7192E22009048771
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 49a70a73f342ce67a27e30ddd4759a695dc25e2eb4c37cd69de025886165f4e3
                                                                                        • Instruction ID: 000e33700140809e64108013108314083b32284afe247f8e36bd154711feae5a
                                                                                        • Opcode Fuzzy Hash: 49a70a73f342ce67a27e30ddd4759a695dc25e2eb4c37cd69de025886165f4e3
                                                                                        • Instruction Fuzzy Hash: AEF0E573B451205F8259635D5810A6F2BAF9BC4A6036A422AF945E7341DE22AC0683F9
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bcff8b2781b2324c5ca49bd932aa2fa2bf6b81322914a92d2286960a99f0c12a
                                                                                        • Instruction ID: c945ce3735e833d898264a5f80e7b7209d86685ababe76cf5fa6f6d5db9dbab7
                                                                                        • Opcode Fuzzy Hash: bcff8b2781b2324c5ca49bd932aa2fa2bf6b81322914a92d2286960a99f0c12a
                                                                                        • Instruction Fuzzy Hash: D3F0ECB6F04010CFCA14969C5410DFCA75DEBC225C78448BBDA0BC7249EE16C902CA41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 04004fa5cb29d5affa3146185cbb07ec5fb59d646ee32541f42335879461509a
                                                                                        • Instruction ID: 1a95442492a1a3fee96a8af170b62156fbcc664ff02aa65ea60420b7189c9076
                                                                                        • Opcode Fuzzy Hash: 04004fa5cb29d5affa3146185cbb07ec5fb59d646ee32541f42335879461509a
                                                                                        • Instruction Fuzzy Hash: F0F0273155D3449FE3195AB58C18D6B3FB99B86340B0648BB9E0297241CDB80806C392
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b3d1dbeae98a29a25e0668ffc52c0bde84157010184e7ab3390cf002a7ec8ac5
                                                                                        • Instruction ID: bed594b779c6f6185be78f4590e9fa293c8938fd3a820ec39e7f66ab428795c1
                                                                                        • Opcode Fuzzy Hash: b3d1dbeae98a29a25e0668ffc52c0bde84157010184e7ab3390cf002a7ec8ac5
                                                                                        • Instruction Fuzzy Hash: ECF05C3170C184CFCB2A53F15859EEE7F71DEE300438A46EBC506CE062DE204806D752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7271e2283924abcd46966dc7607b58ac69e45562baef3236cd74eb31f242f5d5
                                                                                        • Instruction ID: b95efd3c01dca44e2485ace718c7f8b8c3d307a2f682ea9fe84d97ad7304a261
                                                                                        • Opcode Fuzzy Hash: 7271e2283924abcd46966dc7607b58ac69e45562baef3236cd74eb31f242f5d5
                                                                                        • Instruction Fuzzy Hash: 15E0E532A59218DBDB585AF8DC049AFBBA9D7D5650F004D779F07A3340DE70480582D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9f91112805fc9ae575725f55e272bc3ed32252467fb538d565b564ca86ad82ad
                                                                                        • Instruction ID: 4334e07f8fe0d0193873c909c0462dd3d9b5e56798ea4e42ec537a912d4a0490
                                                                                        • Opcode Fuzzy Hash: 9f91112805fc9ae575725f55e272bc3ed32252467fb538d565b564ca86ad82ad
                                                                                        • Instruction Fuzzy Hash: AAF06C2174D1908FCB1257B864756BD3FA5AF86301B1904EBF546CB6B2DD198C068392
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 495d2f671fa2e8238092c8c1fe96c63c3232188bb9d23a6833364db8eddf2816
                                                                                        • Instruction ID: 7efec1a91234f38175a699f2f2d5622632906f389b20a070dbd04f652836e604
                                                                                        • Opcode Fuzzy Hash: 495d2f671fa2e8238092c8c1fe96c63c3232188bb9d23a6833364db8eddf2816
                                                                                        • Instruction Fuzzy Hash: 4AF0FE72B04129CFCB40FAA9D491AACBBB1FB84710B31459AD4159B249DF309D85C799
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 46d29c22dc9fc507a3151c41070e7f4cda0dadf09aa5a8832ac68b8d3c05eb64
                                                                                        • Instruction ID: 7534d3210c64f5c62dc35795186637c15b61364febe7d955bb2e360dc20ab84d
                                                                                        • Opcode Fuzzy Hash: 46d29c22dc9fc507a3151c41070e7f4cda0dadf09aa5a8832ac68b8d3c05eb64
                                                                                        • Instruction Fuzzy Hash: 23F0A7312092509FC712EB6CC86186A7FA9DBC22647148C6EE186CB342EE61E805C3A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3507bd6c64a82d5f79d13fc53449866cad04208e8409caea1e4aa631c7ee4e4
                                                                                        • Instruction ID: 86b5f8f9cb516d0cf76ef3f3349b45a2c0e94daeb5e0e9f2d4923dcaceae6680
                                                                                        • Opcode Fuzzy Hash: a3507bd6c64a82d5f79d13fc53449866cad04208e8409caea1e4aa631c7ee4e4
                                                                                        • Instruction Fuzzy Hash: D9E065307093555FC31657795821A6AAFAA9BCB311B1544BFE145CB3A2CC654C068375
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8bcc6a991e618147f99c45c66ee772c9dde12fd545b7dbb98068982112420766
                                                                                        • Instruction ID: 87c1f2610739e4f601eb344475e56bf5741d91564ab0e554d7a0e38e867e9727
                                                                                        • Opcode Fuzzy Hash: 8bcc6a991e618147f99c45c66ee772c9dde12fd545b7dbb98068982112420766
                                                                                        • Instruction Fuzzy Hash: 61F0E53220121057C715D76AD465BAEBBE9DBC1710744882EE54B8B741EE61ED02C3A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2656a0dcf43d452091880534f391459cad9e4a5a20cbe12c2ef6eac47e3ace8f
                                                                                        • Instruction ID: c8386b86180c999a08b698000a33352847f425da36ba87ac45235aa5ab7bde4d
                                                                                        • Opcode Fuzzy Hash: 2656a0dcf43d452091880534f391459cad9e4a5a20cbe12c2ef6eac47e3ace8f
                                                                                        • Instruction Fuzzy Hash: 7DF03A75E0928A9FCF10DFB898469EEBFF4EB8A200F1005BAD149E3241E23505118BA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499587217.0000000002960000.00000040.00000040.sdmp, Offset: 02960000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                                        • Instruction ID: 2dfd71ec1015d6f733b82f36e78e23a02587879648765f3a451f5ddf3568463d
                                                                                        • Opcode Fuzzy Hash: 693b7c54016a59cdbfed5bf97d611671327a7796b2b33607a59a4987e9e37b45
                                                                                        • Instruction Fuzzy Hash: 1AF0FB35104645DFC606CB04D984B25FBE6FB89718F24CAADE9490B752C3379823DA81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a632bb27c2db1b9772f10799c3b2dae8f580e1dc121d807ffc9a44bf3b66b598
                                                                                        • Instruction ID: 89019e4d91a6843870ba85aceb733b6fc87ce3850354aea604b8d73e084fd49f
                                                                                        • Opcode Fuzzy Hash: a632bb27c2db1b9772f10799c3b2dae8f580e1dc121d807ffc9a44bf3b66b598
                                                                                        • Instruction Fuzzy Hash: 26F030313042059B8B08AA6DA4259797BA7EBC636A359853DE10ADB340EE32DC46C7A5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ec448609969e9647d63beff18d5a8b88f2711fb55f8ef6d88d406367f3481f1b
                                                                                        • Instruction ID: 398ee5fc01940a2508cc9a8e9bf431548d86aa11756b69e87450cdb1432ce281
                                                                                        • Opcode Fuzzy Hash: ec448609969e9647d63beff18d5a8b88f2711fb55f8ef6d88d406367f3481f1b
                                                                                        • Instruction Fuzzy Hash: 47E0D86631C244AF8B01227D942187EBFAA8AC6521309489BE106CB351DD55AC07C3B3
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e5773ddc8c2aaca78757c5a4a063cd7382c2fa72233b82437fd421bb107d3409
                                                                                        • Instruction ID: d3410205131ef17c80c4d46a6f53da9afb26bb37cd1e18f049886abe981d006f
                                                                                        • Opcode Fuzzy Hash: e5773ddc8c2aaca78757c5a4a063cd7382c2fa72233b82437fd421bb107d3409
                                                                                        • Instruction Fuzzy Hash: 8CF06531A17251DFC71217B4AD286243F75FB4969370945ABD842E7351DE304C05C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5d2ee54b69468c5b265a542f0a1ec871b2e7e02a92b3ad5619b48e245401e83b
                                                                                        • Instruction ID: 7f17423e17049fabbec9bebee34504598af7b60726739b44068bf838dc3ec861
                                                                                        • Opcode Fuzzy Hash: 5d2ee54b69468c5b265a542f0a1ec871b2e7e02a92b3ad5619b48e245401e83b
                                                                                        • Instruction Fuzzy Hash: C6F03032720104CFCB449B38E458E987BE1FF88615B148876E607CF275DF319C498B11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cf2d230efdcc61b2a5c968a682c96930b818ae6f5d46526c6fe84beb976164f2
                                                                                        • Instruction ID: be29fdf41972af6fa520694984a1efca3ebb20f5298fe656b71118a431da40f1
                                                                                        • Opcode Fuzzy Hash: cf2d230efdcc61b2a5c968a682c96930b818ae6f5d46526c6fe84beb976164f2
                                                                                        • Instruction Fuzzy Hash: 07F03436200B009FC330CEAAD544E07BBF6EF89724714896EE49A93A24E630F908CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b359ece45c9642a00af4a3a36f07c195a31c8352f75b51113e479e9701160260
                                                                                        • Instruction ID: d3a1d33ca9e66d67a05bf631b06d769786eda54ca8737bb1606885aceef93965
                                                                                        • Opcode Fuzzy Hash: b359ece45c9642a00af4a3a36f07c195a31c8352f75b51113e479e9701160260
                                                                                        • Instruction Fuzzy Hash: 52F0A031B58104CFCB14BBB8E820EBC7761AF84204BA18975E106AA284EF211C01C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e973aa0755f0feb7f1160d73eea815a827450a552c3de38a6f85af10c679e693
                                                                                        • Instruction ID: 65efd49f8c1d7b1e1e62e2da1d8936f5f59424ea56bbf596de7e2d986a10bb5c
                                                                                        • Opcode Fuzzy Hash: e973aa0755f0feb7f1160d73eea815a827450a552c3de38a6f85af10c679e693
                                                                                        • Instruction Fuzzy Hash: B4E06530F051188BDB54B3B998107AD57535FC0A18F840278D50ADB781FF114D118B92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b188fb607d23ded46910b18a2df7aa88903a98be19c8084f9aa514df4f00d04b
                                                                                        • Instruction ID: eccbb76f2dcfe181d4e0a7a77c10d6cab5e7b4899e006057a7cd0742902bb5f4
                                                                                        • Opcode Fuzzy Hash: b188fb607d23ded46910b18a2df7aa88903a98be19c8084f9aa514df4f00d04b
                                                                                        • Instruction Fuzzy Hash: FCE04F213493945FD7062B794C2A67E3F5DBE8265434985AAE882DB382DE05980283EA
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 63f84a1b37dfe83dd88c0adb77b45d7fae4c9ff5f5f86825cd8e9480a663f40a
                                                                                        • Instruction ID: 09c6e45717a7dfcbb6968d57b7136cb6e808f3f1e0bbde64110eb1d65ee9f80c
                                                                                        • Opcode Fuzzy Hash: 63f84a1b37dfe83dd88c0adb77b45d7fae4c9ff5f5f86825cd8e9480a663f40a
                                                                                        • Instruction Fuzzy Hash: CCE0D8B290C285CFD701177428219FC2F5C9B83240B1906ABD907D6392DE884841CF37
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dcda72d0984f1c597e9359538ae6242d6cb697ef14e214d6fbb8cd72eb9dee06
                                                                                        • Instruction ID: 09021bd0f71e419825da298d2c3eb56dc7decb9c90bde23af7125ae202d978ae
                                                                                        • Opcode Fuzzy Hash: dcda72d0984f1c597e9359538ae6242d6cb697ef14e214d6fbb8cd72eb9dee06
                                                                                        • Instruction Fuzzy Hash: F4E0D171500B105BC3249F6BD441553F7EAFBC4710B14C63ED15593B04DB71D4068690
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ee6a3530a7af35c31f164fdda3410dca19378c2ead2009ddafa6dad90c0493bb
                                                                                        • Instruction ID: 371b591256305864422af735a7dc5857b0ccf947637d2e5d7828938185e5b197
                                                                                        • Opcode Fuzzy Hash: ee6a3530a7af35c31f164fdda3410dca19378c2ead2009ddafa6dad90c0493bb
                                                                                        • Instruction Fuzzy Hash: EEF05834D09248EFCB45DBA8D6685ACBFB2EB4A300F1092DAD804A3256DB300A08CB42
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 918bbbd9f9436dff9b599ace055e8fdb06a95a35563aa35db23430ec1277ed8d
                                                                                        • Instruction ID: a541a52c3f5377b834a61cd475107f0a547bce26ac7370799a2bd4f137a7f040
                                                                                        • Opcode Fuzzy Hash: 918bbbd9f9436dff9b599ace055e8fdb06a95a35563aa35db23430ec1277ed8d
                                                                                        • Instruction Fuzzy Hash: E4E08672005524EBC3656A61D40AFB6B659FB09125F044D1BF4CA82A06CD269C51C7E2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499587217.0000000002960000.00000040.00000040.sdmp, Offset: 02960000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0418fcc90695852757e4436f63954a9471a16749f158f80b6c73baff0c8967ea
                                                                                        • Instruction ID: 7b112329145d5dfdb8c8f87a81d3b02c24f9611a1ca7757828461fa949ea5b8d
                                                                                        • Opcode Fuzzy Hash: 0418fcc90695852757e4436f63954a9471a16749f158f80b6c73baff0c8967ea
                                                                                        • Instruction Fuzzy Hash: A1E092B66006005BD650CF0AEC81452F7D8EB88631B18C47FDC0D8B701E679B504CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497888250.0000000000DB2000.00000040.00000001.sdmp, Offset: 00DB2000, based on PE: false

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 40ac629c8e872fb827db012dc448eeaa2b2736c221afe27c84e90a31646d6958
                                                                                        • Instruction ID: 3e15e21fb1b7883cfaddb8951f975c2dfbea75f647eb6c80b872ff1bdfecb927
                                                                                        • Opcode Fuzzy Hash: 40ac629c8e872fb827db012dc448eeaa2b2736c221afe27c84e90a31646d6958
                                                                                        • Instruction Fuzzy Hash: 46D0A7213401349B6608E6ADC8518FAF3CEDBC5720304847EB50BD7381CD62DC0283F0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0b06b33e34dc036478cc400bc9e09cd0fa79b345f2cabee35e5b59805b17ed78
                                                                                        • Instruction ID: 30f9438a8b34bf9b113ca1344ca31c1c7211b8c6983f4daffe4a8be57dab9cc5
                                                                                        • Opcode Fuzzy Hash: 0b06b33e34dc036478cc400bc9e09cd0fa79b345f2cabee35e5b59805b17ed78
                                                                                        • Instruction Fuzzy Hash: EDD05E7244D390CFC3061B7118195A87B64DFA220070059A2D911868339AA66547C672
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b8552105db1ecd6e2e24bda7bc17c372212220e3f78b4cd51c41032e574e44ed
                                                                                        • Instruction ID: 8ba9052be35777a6673b07ae62f6d51d6fc925bb1036dbc2737518728a919660
                                                                                        • Opcode Fuzzy Hash: b8552105db1ecd6e2e24bda7bc17c372212220e3f78b4cd51c41032e574e44ed
                                                                                        • Instruction Fuzzy Hash: CED01235F0C104CBCB44A7E4E9555ECBBB1EBD45287465576D117E6200DE310805C796
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1a8faef3d45644055421b2f4fd6dcb38dd96a7431ba9c46e15a5462e0a3f90a4
                                                                                        • Instruction ID: 8ae11a1c8bbf87114d4cf8bbd6cbcb24a0bafde501fb8e27e7889739bf0517db
                                                                                        • Opcode Fuzzy Hash: 1a8faef3d45644055421b2f4fd6dcb38dd96a7431ba9c46e15a5462e0a3f90a4
                                                                                        • Instruction Fuzzy Hash: 2BD0A7713401245BAA04E6ADD8A19BAB3CEEBC5720304846EB90BD7381CD62DC0283F4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2df03d75dca4fb6377d13f51af3054dcdcc0890682969cc45638f43d33ff582c
                                                                                        • Instruction ID: be6c1a9d74815ed8a7709b996f4f4d8ea06ab832e1b97d97afd525a3d8c30ff9
                                                                                        • Opcode Fuzzy Hash: 2df03d75dca4fb6377d13f51af3054dcdcc0890682969cc45638f43d33ff582c
                                                                                        • Instruction Fuzzy Hash: 6CD012310097589FDB3546B9D414EE2FA9D6B4A718F040D6EC68605950CF61A484C3A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 576b8d684dad083b801eb041931f60d4c235b76525be17e3cea6c1b64d0793e4
                                                                                        • Instruction ID: 68311505902d860a353cc1a8eb3068b51c9ddba75997648ccb56cba1b1697d82
                                                                                        • Opcode Fuzzy Hash: 576b8d684dad083b801eb041931f60d4c235b76525be17e3cea6c1b64d0793e4
                                                                                        • Instruction Fuzzy Hash: F3D05E31108234DBC765AA549018DB6B299BB0852AF004D6AE4CB8220ACE22AC01C3A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497736555.0000000000DA2000.00000040.00000001.sdmp, Offset: 00DA2000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e0c24801ef60055af5577af03982e40d96ed58ac043bdb217fd25451911fa8c7
                                                                                        • Instruction ID: db2a1d47366f864ec956a59e83b80a4d0d22cd05ca0420d13027af061bff88c9
                                                                                        • Opcode Fuzzy Hash: e0c24801ef60055af5577af03982e40d96ed58ac043bdb217fd25451911fa8c7
                                                                                        • Instruction Fuzzy Hash: E1D05E79205A814FD3268A1CC1A9BA53B94EF66B04F4A44F9E8008B6A3C3A8D981D210
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2c6c11f4d5d90dff81866efc602d06d00d79162a14dd5ee7015050e410e1277d
                                                                                        • Instruction ID: ad81ad43d398bc0d7fcec58dbd392e5c6e6df7876cacaf537dd60952a6d8a913
                                                                                        • Opcode Fuzzy Hash: 2c6c11f4d5d90dff81866efc602d06d00d79162a14dd5ee7015050e410e1277d
                                                                                        • Instruction Fuzzy Hash: 77D0123151A718DB83385A57D454CB2B7E9FA456263448E6ED1AF47700DF72BC40C7D1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 171fc504774018d9444cbb16ef7c8284d10e890efc7576b9dd23ae5fbd08b082
                                                                                        • Instruction ID: c3001502118a2f1911cf90f51b40942eecc3e53d69c34e055f75d37308027ff3
                                                                                        • Opcode Fuzzy Hash: 171fc504774018d9444cbb16ef7c8284d10e890efc7576b9dd23ae5fbd08b082
                                                                                        • Instruction Fuzzy Hash: 5ED0CA2014E3C59FCB620BB15C366203F2CC85350078A41E3D58ACA0ABEA14A80AC3A3
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                                                                        • Instruction ID: 275800d0933ea9a7299a20ef168651031457268bef1710d4926d2df089ace62d
                                                                                        • Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
                                                                                        • Instruction Fuzzy Hash: 9ED0423AA000088FC714CB88D5949D9F7F2EB88325F28C1A6D919A7251C732ED56CA50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.497736555.0000000000DA2000.00000040.00000001.sdmp, Offset: 00DA2000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6af05ff16e25079ee24dd6904520fa871d287b22c2f233f5131044831213347b
                                                                                        • Instruction ID: 7f621312d039d75ad5d1109fa4087fc3b552b45ed26c353fce925c066a53279c
                                                                                        • Opcode Fuzzy Hash: 6af05ff16e25079ee24dd6904520fa871d287b22c2f233f5131044831213347b
                                                                                        • Instruction Fuzzy Hash: DBD05E342012814BCB15DB1DC194F6937D4AB42B00F0A44ECAC008B662C3A9EC81C610
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 651d3f9201fafc351679ce6499069b26bbd572e905bc45238c5efb7e0391ed96
                                                                                        • Instruction ID: 9e02b62e56434a8dedf5e726a6523c517f3be669a900a627ede1c8083211c059
                                                                                        • Opcode Fuzzy Hash: 651d3f9201fafc351679ce6499069b26bbd572e905bc45238c5efb7e0391ed96
                                                                                        • Instruction Fuzzy Hash: 22C08CB2842B0C9FCA8433F4E84B3883B0E8B84620F844820A509D6B52EC18A0121428
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8073b976390fa7b6e243c0b0c492188db6a64fc82ac84f7684f79de5cb7bc261
                                                                                        • Instruction ID: 224edf6ab49fec8488a9f156d549b7f9b2e26bed8add586158faca5ef48c1c9c
                                                                                        • Opcode Fuzzy Hash: 8073b976390fa7b6e243c0b0c492188db6a64fc82ac84f7684f79de5cb7bc261
                                                                                        • Instruction Fuzzy Hash: 86D09E7595020ADFC751DF76D9644DD7BF0AB096117200729D5029B395EB345D01CB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ffaab2ae15b747e436b1fd28751906808b6a259d5979d52a3160bd90bd35a584
                                                                                        • Instruction ID: 72d8f956c858df96c87153c658def28ab1ba268f792de575dddd5bf9fad3fb06
                                                                                        • Opcode Fuzzy Hash: ffaab2ae15b747e436b1fd28751906808b6a259d5979d52a3160bd90bd35a584
                                                                                        • Instruction Fuzzy Hash: D1D0C934108344CBD6241BFA6C0DB2E3A5CAB5060BBC60685D00ED4665EF308250DA36
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1c44d8085b8fba3e421e003472ed036c2830f4541657cf031783eb3ff35f1c3b
                                                                                        • Instruction ID: 66f2a6be46d866bbe55b6bf5df4bb25ab5c0b7e873f38ab7bc28b09aae028abc
                                                                                        • Opcode Fuzzy Hash: 1c44d8085b8fba3e421e003472ed036c2830f4541657cf031783eb3ff35f1c3b
                                                                                        • Instruction Fuzzy Hash: CED00275601304CFCB196BB4E42942C77AAAB8960635009BDE816C77A4EF7EE891CA64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0f8465b35b5803effa74c949166b840b166d721fc53014aa308d57e7722dfe1f
                                                                                        • Instruction ID: 37c035c3773114cb7073fd923ee2ef3e26ef18171edcfb9f0cd8b55f1b5437ff
                                                                                        • Opcode Fuzzy Hash: 0f8465b35b5803effa74c949166b840b166d721fc53014aa308d57e7722dfe1f
                                                                                        • Instruction Fuzzy Hash: B6C08C7110A7608FCF012630A9782093E20AB0B3113220C92E101E9651E330C080CE11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0c2a35e897cf5f3e05bfbe45e31fc9a256904b2acf63e68cbe9cc615f2c6eddf
                                                                                        • Instruction ID: ec92c7df3ed3669677a5afbe2e0534ed96f0d365f94ff82a1cd8ba979660fd21
                                                                                        • Opcode Fuzzy Hash: 0c2a35e897cf5f3e05bfbe45e31fc9a256904b2acf63e68cbe9cc615f2c6eddf
                                                                                        • Instruction Fuzzy Hash: 42C04C30604B05CF9A5427F56D1DA2D379C9F905453C10655E51ACA220EF2594009565
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a40deaf266bda43302085e6e914b0e37e492a3658a4b4b2eaf04a920a6c62cc0
                                                                                        • Instruction ID: 301ef1e8e357136f6d4ae6c045dd7d92c13146c76f67d4075f4c29c91a2aae61
                                                                                        • Opcode Fuzzy Hash: a40deaf266bda43302085e6e914b0e37e492a3658a4b4b2eaf04a920a6c62cc0
                                                                                        • Instruction Fuzzy Hash: 33C02B70049324CFC20C27B11C05C39720957D0300300CD31DE03001208D327451C831
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000008.00000002.499476276.0000000002940000.00000040.00000001.sdmp, Offset: 02940000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Executed Functions

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293545315.0000000002ED0000.00000040.00000040.sdmp, Offset: 02ED0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293545315.0000000002ED0000.00000040.00000040.sdmp, Offset: 02ED0000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000012.00000002.293493236.0000000001580000.00000040.00000001.sdmp, Offset: 01580000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Executed Functions

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0b9daaaa172cce104e7c47f646dfa231ce03198398c76652f1eef6342e4f9f5
                                                                                        • Instruction ID: bfbf20c518af8867604cc54c9c25823c52704bbd1c2b85e59c1b160208175308
                                                                                        • Opcode Fuzzy Hash: c0b9daaaa172cce104e7c47f646dfa231ce03198398c76652f1eef6342e4f9f5
                                                                                        • Instruction Fuzzy Hash: 2F718430B21152CFD718EB38D4587697BF3BB88340F15816AE91A877A8CB729CC5CB84
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8780bb32ca4862658d63a7f2327a27e3931c5280433fe50b78777c37d19acd3a
                                                                                        • Instruction ID: c71fe31588ccc44ef36b719798f352333fd4fe36de5488ed47a591c05422061c
                                                                                        • Opcode Fuzzy Hash: 8780bb32ca4862658d63a7f2327a27e3931c5280433fe50b78777c37d19acd3a
                                                                                        • Instruction Fuzzy Hash: F1618C74B002068FDB04EBBDC444B6EBBF7EF84340F15846AD906AB7A5DA349D52CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3678476a7f790a779af8559a09566d843757f53d497b2dbceb48302b84f692a4
                                                                                        • Instruction ID: 6312c705b87bbebf3fdaf9424ca32376ee02791c239b620a57622e34e2f2b798
                                                                                        • Opcode Fuzzy Hash: 3678476a7f790a779af8559a09566d843757f53d497b2dbceb48302b84f692a4
                                                                                        • Instruction Fuzzy Hash: FB417370B61226CFEB24AF68D05976D7EB1BF84704F24402CE5129B2D1DFB58849CB94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4df32bfcc9634dd67ec93d51b06504c533ca43e5d8f2cf8537c68a4a9a4470a2
                                                                                        • Instruction ID: 6315770378800a2b8e3c2ee65cb4ce41aecf7b798d9d47be329d1f278698c077
                                                                                        • Opcode Fuzzy Hash: 4df32bfcc9634dd67ec93d51b06504c533ca43e5d8f2cf8537c68a4a9a4470a2
                                                                                        • Instruction Fuzzy Hash: DB312C307412508FD759BB7D9028A2D3AE6BF85315B2005BCE506CF7A1DE3ACC458795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8848d6ca1624bcf946d1e8be7a7fbfed6899a9074f36643f2012ccacb8655634
                                                                                        • Instruction ID: 7067eaa7ff6c4a61eb1fcce019d1cc8df0653d7002bdf9227d7afd4de5f0938e
                                                                                        • Opcode Fuzzy Hash: 8848d6ca1624bcf946d1e8be7a7fbfed6899a9074f36643f2012ccacb8655634
                                                                                        • Instruction Fuzzy Hash: 9D2141303412508FD759BB7DD028A2E3AE6BF85705B2009BCE506CF7A1DE7ADC458795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293763170.0000000001290000.00000040.00000040.sdmp, Offset: 01290000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fc267b38c0802c6535acd7b5534db321b72a96fe59528c3b5b6595d6cec0773a
                                                                                        • Instruction ID: cdc85d408a13fc6a8f7022c0fee12ba5e055398b2bfa2d4d2381f801066aa882
                                                                                        • Opcode Fuzzy Hash: fc267b38c0802c6535acd7b5534db321b72a96fe59528c3b5b6595d6cec0773a
                                                                                        • Instruction Fuzzy Hash: 76F086B65097845FD7118F16EC41862FFA8DB86630719C4AFFD4D8B612D225A908CBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0e250ad8170fcbfe1d2de8cdbf859afaa2acff9096a47f46dd789e4597767ef
                                                                                        • Instruction ID: 0bef42cd2e24c1a491483ff948230bcfa5ee2ed0df2c13cb61b59d3edd460055
                                                                                        • Opcode Fuzzy Hash: c0e250ad8170fcbfe1d2de8cdbf859afaa2acff9096a47f46dd789e4597767ef
                                                                                        • Instruction Fuzzy Hash: 36F04F70D453499FCB51CFB8A8815DEBFF4EE46260B1100AAD448E7112E3790A16CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f5fd2872f9798455ccdd0858f44e16a16fff76087c058c919b97c494136b35d2
                                                                                        • Instruction ID: 8f30676b6752d6a8213e1c4514666b46390b892bc74b5b24b9a26714f038faca
                                                                                        • Opcode Fuzzy Hash: f5fd2872f9798455ccdd0858f44e16a16fff76087c058c919b97c494136b35d2
                                                                                        • Instruction Fuzzy Hash: B1F059323501509FD714A67E9C01F6737D9EBC4622F00442AFB09CB2C0DE61DC028390
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3eafe3bdc56fadc9205d3ee8c9880b3613b20cafa5e9106f2a2b4ee5bb606d2c
                                                                                        • Instruction ID: c18c3eb42f87ec9f48e6a1d6a07e7b3ff5cbc05e07cf3b9b629b959a5e85bc77
                                                                                        • Opcode Fuzzy Hash: 3eafe3bdc56fadc9205d3ee8c9880b3613b20cafa5e9106f2a2b4ee5bb606d2c
                                                                                        • Instruction Fuzzy Hash: D6F0C9307653C15FD32596394C02F233FE5ABC2221F05846AEE45CF2C2DAA08C0283A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293763170.0000000001290000.00000040.00000040.sdmp, Offset: 01290000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0ad3b155a9c5bd9c9cb42c542b7f76b509fca159b7e4cd5cc4a3d355b0a7ec28
                                                                                        • Instruction ID: 6b029f73ec3efce9c8f549995f3b5cdfd359295ebfd96c3b5fdce1496201b880
                                                                                        • Opcode Fuzzy Hash: 0ad3b155a9c5bd9c9cb42c542b7f76b509fca159b7e4cd5cc4a3d355b0a7ec28
                                                                                        • Instruction Fuzzy Hash: 45E06DB66046044B9650DF0AEC81452FBD8EB84630718C47FDC0D8BB01D276B5048FA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e5d87abacbbdacf6ffa4f1ea65f27e6dc12bdfee85ecd1d18fb391e0390b9a43
                                                                                        • Instruction ID: 9a02f3fc78a5a41b91d4d254be545596b039a2a8309c06bd878fb1629802ede1
                                                                                        • Opcode Fuzzy Hash: e5d87abacbbdacf6ffa4f1ea65f27e6dc12bdfee85ecd1d18fb391e0390b9a43
                                                                                        • Instruction Fuzzy Hash: 46F015B1D153089FCB90EFB898462EEBBF4EB45260F10417AC008E2600E23846028BA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 26c181b4014df5ea340c90d8ebca271e29588be7a65e7dae803cc3689f97a389
                                                                                        • Instruction ID: 64a4426bd3ae1f9e8e9ae2dce2875768805df5483d8e716ce8bdd5dfd7859846
                                                                                        • Opcode Fuzzy Hash: 26c181b4014df5ea340c90d8ebca271e29588be7a65e7dae803cc3689f97a389
                                                                                        • Instruction Fuzzy Hash: 12E092347101209FCF58EB7CE0589A937EAEB88310312427BE509C7338CE315C45CB81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6ec72975f6956b3b5cc84b2dac6441436d362f9b87fccfd45bb52004f9da6893
                                                                                        • Instruction ID: 7601124ff5b3e3cea2ed3145a484e9b593ae7d34a62f2a210d2af2c802845bcf
                                                                                        • Opcode Fuzzy Hash: 6ec72975f6956b3b5cc84b2dac6441436d362f9b87fccfd45bb52004f9da6893
                                                                                        • Instruction Fuzzy Hash: 6FE0D8343100249FCB14FB7DE05895937EBEB882103124177E509C7328CE315C44CBC1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fdebe0afab8922c699458df398387bba0a89c02e7fd59f2df413e69e55055c02
                                                                                        • Instruction ID: 5ea1d7e9b4ae15934da1e8972b9b8915f6ba7fd7e0a9e8e63001a7a0f9fd0986
                                                                                        • Opcode Fuzzy Hash: fdebe0afab8922c699458df398387bba0a89c02e7fd59f2df413e69e55055c02
                                                                                        • Instruction Fuzzy Hash: 20E07571E152199F8F50EFB999455DEBFF8EA48250B100466D518E3200E33156158BE5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000014.00000002.293754603.0000000001280000.00000040.00000001.sdmp, Offset: 01280000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 304baa23c172c0771e671f094e177c5887cd541db315e720ec98a43b481ff16b
                                                                                        • Instruction ID: 15c4a2aee6a79dae376056fc3755d27ac48a87ad69689527a3904fd59156b665
                                                                                        • Opcode Fuzzy Hash: 304baa23c172c0771e671f094e177c5887cd541db315e720ec98a43b481ff16b
                                                                                        • Instruction Fuzzy Hash: 26E0B6B1D112099ECB50EFBD98456DFBFF8EB48260F10403AD108E3240E63552118BE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Executed Functions

                                                                                        APIs
                                                                                        • WriteFile.KERNELBASE(?,00000E2C,A1459A50,00000000,00000000,00000000,00000000), ref: 00B1A53D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311802578.0000000000B1A000.00000040.00000001.sdmp, Offset: 00B1A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetConsoleOutputCP.KERNELBASE ref: 00B1A269
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311802578.0000000000B1A000.00000040.00000001.sdmp, Offset: 00B1A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ConsoleOutput
                                                                                        • String ID:
                                                                                        • API String ID: 3985236979-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 00B1A39C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311802578.0000000000B1A000.00000040.00000001.sdmp, Offset: 00B1A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • WriteFile.KERNELBASE(?,00000E2C,A1459A50,00000000,00000000,00000000,00000000), ref: 00B1A53D
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311802578.0000000000B1A000.00000040.00000001.sdmp, Offset: 00B1A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: FileWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3934441357-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • FindCloseChangeNotification.KERNELBASE(?), ref: 00B1A39C
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311802578.0000000000B1A000.00000040.00000001.sdmp, Offset: 00B1A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ChangeCloseFindNotification
                                                                                        • String ID:
                                                                                        • API String ID: 2591292051-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        APIs
                                                                                        • GetConsoleOutputCP.KERNELBASE ref: 00B1A269
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311802578.0000000000B1A000.00000040.00000001.sdmp, Offset: 00B1A000, based on PE: false
                                                                                        Similarity
                                                                                        • API ID: ConsoleOutput
                                                                                        • String ID:
                                                                                        • API String ID: 3985236979-0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.312152679.0000000002890000.00000040.00000040.sdmp, Offset: 02890000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.312152679.0000000002890000.00000040.00000040.sdmp, Offset: 02890000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.312152679.0000000002890000.00000040.00000040.sdmp, Offset: 02890000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311783508.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.311783508.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions