Analysis Report invoicepdf.exe

Overview

General Information

Sample Name: invoicepdf.exe
Analysis ID: 358289
MD5: 6f98206e6905f1f727e255d114d3c0ac
SHA1: 71f6208364a668e72f8109a373c6c83c90b7999f
SHA256: 97069c864ebe6a1a3e6e85bd1ff54351810cc32de3cdfe34f7fef15f04da0b87
Tags: AgentTesla exe

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM_3
.NET source code contains very large strings
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Installs a global keyboard hook
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to detect virtual machines (STR)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • invoicepdf.exe (PID: 6812 cmdline: 'C:\Users\user\Desktop\invoicepdf.exe' MD5: 6F98206E6905F1F727E255D114D3C0AC)
    • schtasks.exe (PID: 6932 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • invoicepdf.exe (PID: 7052 cmdline: C:\Users\user\Desktop\invoicepdf.exe MD5: 6F98206E6905F1F727E255D114D3C0AC)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "FTP Info": "nasir@com-cept.comkhan@980.pkmail.com-cept.comlight@redwevamaldives.com"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000005.00000002.594160867.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000000.00000002.337682468.0000000002ADC000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000005.00000002.598124128.0000000002D9F000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000000.00000002.338574835.0000000003B5E000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
5.2.invoicepdf.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.invoicepdf.exe.2ac5f2c.1.raw.unpack | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
0.2.invoicepdf.exe.3d71aa0.2.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.invoicepdf.exe.3d71aa0.2.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.invoicepdf.exe.3c743f0.3.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Scheduled temp file as task from temp location
Source: Process started, Author: Joe Security, Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\invoicepdf.exe' , ParentImage: C:\Users\user\Desktop\invoicepdf.exe, ParentProcessId: 6812, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp', ProcessId: 6932

Signature Overview

AV Detection:

Found malware configuration
Source: 0.2.invoicepdf.exe.3d71aa0.2.unpack, Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "FTP Info": "nasir@com-cept.comkhan@980.pkmail.com-cept.comlight@redwevamaldives.com"}
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\EuegmryBXVkd.exe, ReversingLabs: Detection: 10%
Multi AV Scanner detection for submitted file
Source: invoicepdf.exe, Virustotal: Detection: 17%
Source: 5.2.invoicepdf.exe.400000.0.unpack, Avira: Label: TR/Spy.Gen8

Compliance:

Uses 32bit PE files
Source: invoicepdf.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Uses new MSVCR Dlls
Source: C:\Users\user\Desktop\invoicepdf.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: invoicepdf.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: mscorrc.pdb source: invoicepdf.exe, 00000000.00000002.339404912.0000000004D20000.00000002.00000001.sdmp, invoicepdf.exe, 00000005.00000002.595636054.0000000000D30000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h 0_2_04C8E2F0
Source: global traffic, TCP traffic: 192.168.2.6:49754 -> 185.221.216.77:587
Source: Joe Sandbox View, ASN Name: HOST4GEEKS-LLCUS HOST4GEEKS-LLCUS
Source: unknown, DNS traffic detected: queries for: mail.com-cept.com
Source: invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, String found in binary or memory: http://DynDns.comDynDNS
Source: invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, String found in binary or memory: http://HtsCZk.com
Source: invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, String found in binary or memory: https://api.ipify.org%
Source: invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, String found in binary or memory: https://api.ipify.org%GETMozilla/5.0
Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: invoicepdf.exe, 00000000.00000002.338574835.0000000003B5E000.00000004.00000001.sdmp, invoicepdf.exe, 00000005.00000002.594160867.0000000000402000.00000040.00000001.sdmp, String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: invoicepdf.exe, 00000005.00000002.598124128.0000000002D9F000.00000004.00000001.sdmp, String found in binary or memory: https://x4UtAvxhwOMMhTg.org

Key, Mouse, Clipboard, Microphone and Screen Capturing:

Installs a global keyboard hook
Source: C:\Users\user\Desktop\invoicepdf.exe, Windows user hook set: 0 keyboard low level C:\Users\user\Desktop\invoicepdf.exe
Source: C:\Users\user\Desktop\invoicepdf.exe, Window created: window name: CLIPBRDWNDCLASS

System Summary:

.NET source code contains very large strings
Source: invoicepdf.exe, frmSplashScreen.cs, Long String: Length: 13656
Source: 0.2.invoicepdf.exe.2c0000.0.unpack, frmSplashScreen.cs, Long String: Length: 13656
Initial sample is a PE file and has a suspicious name
Source: initial sample, Static PE information: Filename: invoicepdf.exe
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_051E111E NtQuerySystemInformation, 0_2_051E111E
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_00CCB0BA NtQuerySystemInformation, 5_2_00CCB0BA
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_00CCB089 NtQuerySystemInformation, 5_2_00CCB089
Source: invoicepdf.exe, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: EuegmryBXVkd.exe.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: invoicepdf.exe, Binary or memory string: OriginalFilename vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.340371010.0000000005960000.00000002.00000001.sdmp, Binary or memory string: System.OriginalFileName vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameAsyncState.dllF vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.339404912.0000000004D20000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.337682468.0000000002ADC000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenamexFMBnjPOeEEgNCcCePpgxKGYA.exe4 vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.341740011.0000000005A60000.00000002.00000001.sdmp, Binary or memory string: originalfilename vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000002.341740011.0000000005A60000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs invoicepdf.exe
Source: invoicepdf.exe, 00000000.00000000.324546289.00000000002C2000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameSubcategoryMembershipEntry.exe< vs invoicepdf.exe
Source: invoicepdf.exe, 00000005.00000002.594160867.0000000000402000.00000040.00000001.sdmp, Binary or memory string: OriginalFilenamexFMBnjPOeEEgNCcCePpgxKGYA.exe4 vs invoicepdf.exe
Source: invoicepdf.exe, 00000005.00000000.333970485.0000000000482000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameSubcategoryMembershipEntry.exe< vs invoicepdf.exe
Source: invoicepdf.exe, 00000005.00000002.600207758.0000000005440000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamewshom.ocx.mui vs invoicepdf.exe
Source: invoicepdf.exe, 00000005.00000002.595816838.0000000000E60000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamewshom.ocx vs invoicepdf.exe
Source: invoicepdf.exe, 00000005.00000002.599846996.0000000004F20000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs invoicepdf.exe
Source: invoicepdf.exe, 00000005.00000002.595636054.0000000000D30000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs invoicepdf.exe
Source: invoicepdf.exe, Binary or memory string: OriginalFilenameSubcategoryMembershipEntry.exe< vs invoicepdf.exe
Source: C:\Users\user\Desktop\invoicepdf.exe, Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\invoicepdf.exe, Section loaded: security.dll
Source: invoicepdf.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@6/4@1/2
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_051E0FA2 AdjustTokenPrivileges, 0_2_051E0FA2
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_00CCAF3E AdjustTokenPrivileges, 5_2_00CCAF3E
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_00CCAF07 AdjustTokenPrivileges, 5_2_00CCAF07
Source: C:\Users\user\Desktop\invoicepdf.exe, File created: C:\Users\user\AppData\Roaming\EuegmryBXVkd.exe
Source: C:\Users\user\Desktop\invoicepdf.exe, Mutant created: \Sessions\1\BaseNamedObjects\zpWvzg
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6984:120:WilError_01
Source: C:\Users\user\Desktop\invoicepdf.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Users\user\Desktop\invoicepdf.exe, File created: C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp
Source: invoicepdf.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\invoicepdf.exe, Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Users\user\Desktop\invoicepdf.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Users\user\Desktop\invoicepdf.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\Desktop\invoicepdf.exe, WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\invoicepdf.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\invoicepdf.exe, File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\invoicepdf.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\invoicepdf.exe, File read: C:\Windows\System32\drivers\etc\hosts
Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp, Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: invoicepdf.exe, Virustotal: Detection: 17%
Source: invoicepdf.exe, String found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle
Source: invoicepdf.exe, String found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
Source: C:\Users\user\Desktop\invoicepdf.exe, File read: C:\Users\user\Desktop\invoicepdf.exe
Source: unknown, Process created: C:\Users\user\Desktop\invoicepdf.exe 'C:\Users\user\Desktop\invoicepdf.exe'
Source: unknown, Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp'
Source: unknown, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown, Process created: C:\Users\user\Desktop\invoicepdf.exe C:\Users\user\Desktop\invoicepdf.exe
Source: C:\Users\user\Desktop\invoicepdf.exe, Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp'
Source: C:\Users\user\Desktop\invoicepdf.exe, Process created: C:\Users\user\Desktop\invoicepdf.exe C:\Users\user\Desktop\invoicepdf.exe
Source: C:\Users\user\Desktop\invoicepdf.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
Source: C:\Users\user\Desktop\invoicepdf.exe, File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
Source: C:\Users\user\Desktop\invoicepdf.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: invoicepdf.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: C:\Users\user\Desktop\invoicepdf.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: invoicepdf.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: mscorrc.pdb source: invoicepdf.exe, 00000000.00000002.339404912.0000000004D20000.00000002.00000001.sdmp, invoicepdf.exe, 00000005.00000002.595636054.0000000000D30000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_002CD32B push 6F060001h; iretd 0_2_002CD340
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_002CD381 push 6F060001h; iretd 0_2_002CD396
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_002CD399 push 6F060001h; iretd 0_2_002CD3C8
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_02553210 pushad ; retf 0_2_02553219
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 0_2_02552E09 push eax; retf 0_2_025531A5
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_0048D381 push 6F060001h; iretd 5_2_0048D396
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_0048D399 push 6F060001h; iretd 5_2_0048D3C8
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_0048D32B push 6F060001h; iretd 5_2_0048D340
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_055F4344 push cs; retf 5_2_055F435B
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_055F43B8 push cs; retf 5_2_055F43CF
Source: C:\Users\user\Desktop\invoicepdf.exe, Code function: 5_2_055F42D0 push cs; retf 5_2_055F42E7
Source: initial sample, Static PE information: section name: .text entropy: 7.06854919564

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules
Source: unknown, Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp'
Source: C:\Users\user\Desktop\invoicepdf.exe, Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\invoicepdf.exe, Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\invoicepdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      Yara detected AntiVM_3
                      Source: Yara match; File source: 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.337682468.0000000002ADC000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: invoicepdf.exe PID: 6812, type: MEMORY
                      Source: Yara match; File source: 0.2.invoicepdf.exe.2ac5f2c.1.raw.unpack, type: UNPACKEDPE
                      Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Function Chain: systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,processSet,processSet,memAlloc,memAlloc,memAlloc,memAlloc,memAlloc,memAlloc
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\invoicepdf.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\invoicepdf.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp; Binary or memory string: SBIEDLL.DLL
                      Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp; Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                      Source: C:\Users\user\Desktop\invoicepdf.exe; File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Code function: 0_2_0255833A str word ptr [eax+40h], 0_2_0255833A
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Window / User API: threadDelayed 645
                      Source: C:\Users\user\Desktop\invoicepdf.exe TID: 6816; Thread sleep time: -100358s >= -30000s
                      Source: C:\Users\user\Desktop\invoicepdf.exe TID: 6836; Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\invoicepdf.exe TID: 1688; Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\invoicepdf.exe TID: 1688; Thread sleep count: 645 > 30
                      Source: C:\Users\user\Desktop\invoicepdf.exe TID: 1688; Thread sleep time: -19350000s >= -30000s
                      Source: C:\Users\user\Desktop\invoicepdf.exe TID: 1688; Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\Desktop\invoicepdf.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\invoicepdf.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Last function: Thread delayed
                      Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp; Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: invoicepdf.exe, 00000005.00000002.599846996.0000000004F20000.00000002.00000001.sdmp; Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
                      Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp; Binary or memory string: vmware
                      Source: invoicepdf.exe, 00000005.00000002.599846996.0000000004F20000.00000002.00000001.sdmp; Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
                      Source: invoicepdf.exe, 00000005.00000002.599846996.0000000004F20000.00000002.00000001.sdmp; Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
                      Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp; Binary or memory string: VMware SVGA II
                      Source: invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp; Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                      Source: invoicepdf.exe, 00000005.00000002.599846996.0000000004F20000.00000002.00000001.sdmp; Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Code function: 5_2_029B3A88 LdrInitializeThunk, 5_2_029B3A88
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Memory written: C:\Users\user\Desktop\invoicepdf.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp'
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Process created: C:\Users\user\Desktop\invoicepdf.exe C:\Users\user\Desktop\invoicepdf.exe
                      Source: invoicepdf.exe, 00000005.00000002.595866413.0000000001200000.00000002.00000001.sdmp; Binary or memory string: Shell_TrayWnd
                      Source: invoicepdf.exe, 00000005.00000002.595866413.0000000001200000.00000002.00000001.sdmp; Binary or memory string: Progman
                      Source: invoicepdf.exe, 00000005.00000002.595866413.0000000001200000.00000002.00000001.sdmp; Binary or memory string: &Program Manager
                      Source: invoicepdf.exe, 00000005.00000002.595866413.0000000001200000.00000002.00000001.sdmp; Binary or memory string: Progmanlock
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Queries volume information: C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Code function: 0_2_00B5B0BE GetUserNameW, 0_2_00B5B0BE
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

                      Yara detected AgentTesla
                      Source: Yara match; File source: 00000005.00000002.594160867.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000005.00000002.598124128.0000000002D9F000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000000.00000002.338574835.0000000003B5E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: invoicepdf.exe PID: 7052, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: invoicepdf.exe PID: 6812, type: MEMORY
                      Source: Yara match; File source: 5.2.invoicepdf.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.invoicepdf.exe.3d71aa0.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.invoicepdf.exe.3d71aa0.2.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.invoicepdf.exe.3c743f0.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara match; File source: 0.2.invoicepdf.exe.3c187d0.4.raw.unpack, type: UNPACKEDPE
                      Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Users\user\Desktop\invoicepdf.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\invoicepdf.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Tries to harvest and steal ftp login credentials
                      Source: C:\Users\user\Desktop\invoicepdf.exe; File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                      Source: C:\Users\user\Desktop\invoicepdf.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
                      Tries to steal Mail credentials (via file access)
                      Source: C:\Users\user\Desktop\invoicepdf.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                      Source: C:\Users\user\Desktop\invoicepdf.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                      Source: Yara match; File source: 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match; File source: Process Memory Space: invoicepdf.exe PID: 7052, type: MEMORY

                      Remote Access Functionality:

                      Yara detected AgentTesla

                      Mitre Att&ck Matrix

                      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                      Valid Accounts | Windows Management Instrumentation211 | DLL Side-Loading1 | DLL Side-Loading1 | Disable or Modify Tools11 | OS Credential Dumping2 | Account Discovery1 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                      Default Accounts | Native API1 | Scheduled Task/Job1 | Access Token Manipulation1 | Obfuscated Files or Information31 | Input Capture11 | File and Directory Discovery1 | Remote Desktop Protocol | Data from Local System2 | Exfiltration Over Bluetooth | Non-Standard Port1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                      Domain Accounts | Command and Scripting Interpreter2 | Logon Script (Windows) | Process Injection112 | Software Packing2 | Credentials in Registry1 | System Information Discovery114 | SMB/Windows Admin Shares | Email Collection1 | Automated Exfiltration | Non-Application Layer Protocol1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                      Local Accounts | Scheduled Task/Job1 | Logon Script (Mac) | Scheduled Task/Job1 | DLL Side-Loading1 | NTDS | Query Registry1 | Distributed Component Object Model | Input Capture11 | Scheduled Transfer | Application Layer Protocol11 | SIM Card Swap | | Carrier Billing Fraud
                      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Masquerading1 | LSA Secrets | Security Software Discovery321 | SSH | Clipboard Data1 | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Virtualization/Sandbox Evasion15 | Cached Domain Credentials | Virtualization/Sandbox Evasion15 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                      External Remote Services | Scheduled Task | Startup Items | Startup Items | Access Token Manipulation1 | DCSync | Process Discovery2 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                      Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Process Injection112 | Proc Filesystem | Application Window Discovery1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                      Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Masquerading | /etc/passwd and /etc/shadow | System Owner/User Discovery1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
                      Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

                      Behavior Graph

                      [Behavior graph image not preserved. Behavior Graph ID: 358289; Sample: invoicepdf.exe; Startdate: 25/02/2021; Architecture: WINDOWS; Score: 100]
                      Graph signatures: Found malware configuration; Multi AV Scanner detection for dropped file; Sigma detected: Scheduled temp file as task from temp location; 7 other signatures
                      Process: invoicepdf.exe (started)
                      Dropped files: C:\Users\user\AppData\...uegmryBXVkd.exe, PE32; C:\Users\user\AppData\Local\...\tmp5A9C.tmp, XML; C:\Users\user\AppData\...\invoicepdf.exe.log, ASCII
                      Signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines); Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines); Injects a PE file into a foreign processes; Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
                      Child processes: invoicepdf.exe (started); schtasks.exe (started)
                      Child process invoicepdf.exe, DNS/IP: mail.com-cept.com 185.221.216.77, 49754, 587 HOST4GEEKS-LLCUS United Kingdom; 192.168.2.1 unknown unknown
                      Child process invoicepdf.exe, signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal ftp login credentials; 2 other signatures
                      Child process schtasks.exe: conhost.exe (started)

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      Source | Detection | Scanner | Label | Link
                      invoicepdf.exe | 17% | Virustotal | | Browse

                      Dropped Files

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Roaming\EuegmryBXVkd.exe | 10% | ReversingLabs | Win32.Trojan.Wacatac |

                      Unpacked PE Files

                      Source | Detection | Scanner | Label | Link | Download
                      5.2.invoicepdf.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8 | | Download File

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label | Link
                      http://127.0.0.1:HTTP/1.1 | 0% | Avira URL Cloud | safe |
                      https://api.ipify.org%GETMozilla/5.0 | 0% | URL Reputation | safe |
                      http://DynDns.comDynDNS | 0% | URL Reputation | safe |
                      https://x4UtAvxhwOMMhTg.org | 0% | Avira URL Cloud | safe |
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | 0% | URL Reputation | safe |
                      https://api.ipify.org% | 0% | URL Reputation | safe |
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | 0% | URL Reputation | safe |
                      http://HtsCZk.com | 0% | Avira URL Cloud | safe |

                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      mail.com-cept.com | 185.221.216.77 | true | true | | unknown

                      URLs from Memory and Binaries

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://127.0.0.1:HTTP/1.1 | invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | low
                      https://api.ipify.org%GETMozilla/5.0 | invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp | false | URL Reputation: safe | low
                      http://DynDns.comDynDNS | invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                      https://x4UtAvxhwOMMhTg.org | invoicepdf.exe, 00000005.00000002.598124128.0000000002D9F000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha | invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp | false | URL Reputation: safe | unknown
                      https://api.ipify.org% | invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp | false | URL Reputation: safe | low
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip | invoicepdf.exe, 00000000.00000002.338574835.0000000003B5E000.00000004.00000001.sdmp, invoicepdf.exe, 00000005.00000002.594160867.0000000000402000.00000040.00000001.sdmp | false | URL Reputation: safe | unknown
                      http://HtsCZk.com | invoicepdf.exe, 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | invoicepdf.exe, 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp | false | | high

                          Contacted IPs

                          Public

                          IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                          185.221.216.77 | unknown | United Kingdom | | 393960 | HOST4GEEKS-LLCUS | true

                          Private

                          IP
                          192.168.2.1

                          General Information

                          Joe Sandbox Version:31.0.0 Emerald
                          Analysis ID:358289
                          Start date:25.02.2021
                          Start time:11:41:09
                          Joe Sandbox Product:CloudBasic
                          Overall analysis duration:0h 9m 6s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Sample file name:invoicepdf.exe
                          Cookbook file name:default.jbs
                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                          Number of analysed new started processes analysed:26
                          Number of new started drivers analysed:0
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • HDC enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Detection:MAL
                          Classification:mal100.troj.spyw.evad.winEXE@6/4@1/2
                          EGA Information:Failed
                          HDC Information:
                          • Successful, ratio: 4.6% (good quality ratio 3.2%)
                          • Quality average: 56.4%
                          • Quality standard deviation: 42.1%
                          HCA Information:
                          • Successful, ratio: 91%
                          • Number of executed functions: 268
                          • Number of non-executed functions: 6
                          Cookbook Comments:
                          • Adjust boot time
                          • Enable AMSI
                          • Found application associated with file extension: .exe
                          Warnings:
                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                          • Excluded IPs from analysis (whitelisted): 104.42.151.234, 131.253.33.200, 13.107.22.200, 23.211.6.115, 52.147.198.201, 51.104.139.180, 2.20.142.209, 2.20.142.210, 67.26.73.254, 8.248.143.254, 8.253.95.249, 8.253.95.120, 67.26.83.254, 51.103.5.159, 52.155.217.156, 20.54.26.129, 92.122.213.194, 92.122.213.247, 184.30.20.56
                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, vip1-par02p.wns.notify.trafficmanager.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, dual-a-0001.dc-msedge.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.

                          Simulations

                          Behavior and APIs

                          Time | Type | Description
                          11:41:59 | API Interceptor | 946x Sleep call for process: invoicepdf.exe modified

                          Joe Sandbox View / Context

                          IPs

                          Match | Associated Sample Name / URL | Detection | Context
                          185.221.216.77 | invoice.pdf.exe | malicious |
                          185.221.216.77 | invoice copys.exe | malicious |

                              Domains

                              Match | Associated Sample Name / URL | Detection | Context
                              mail.com-cept.com | invoice.pdf.exe | malicious | 185.221.216.77
                              mail.com-cept.com | invoice copys.exe | malicious | 185.221.216.77

                              ASN


                              JA3 Fingerprints

                              No context

                              Dropped Files

                              No context

                              Created / dropped Files

                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\invoicepdf.exe.log
                              Process:C:\Users\user\Desktop\invoicepdf.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:modified
                              Size (bytes):664
                              Entropy (8bit):5.288448637977022
                              Encrypted:false
                              SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                              MD5:B1DB55991C3DA14E35249AEA1BC357CA
                              SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                              SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                              SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                              Malicious:true
                              Reputation:moderate, very likely benign file
                              Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                              C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp
                              Process:C:\Users\user\Desktop\invoicepdf.exe
                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):1657
                              Entropy (8bit):5.161993843403802
                              Encrypted:false
                              SSDEEP:24:2dH4+SEqC/S7h2ulNMFp2O/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB3stn:cbha7JlNQV/rydbz9I3YODOLNdq3s
                              MD5:9149142410DC43256D3D9AF56DBDEEAA
                              SHA1:3A42048F278DEF0A3CA6033B90E5BF6ABF15480B
                              SHA-256:8E67B925715A8CD51CAC18764A72B58A3547345A896B05AF84EA811FBF3DEBBC
                              SHA-512:B0AF46671E2D5EC56FF9038E7E3F5F394BF4D14D0120244B623A13FA0786C91EE81464F66F6023617E7A66B4E1B81E90D0B6782CA2E8455E406B099E97ECAFF1
                              Malicious:true
                              Reputation:low
                              Preview:
                              <?xml version="1.0" encoding="UTF-16"?>
                              <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
                                <RegistrationInfo>
                                  <Date>2014-10-25T14:27:44.8929027</Date>
                                  <Author>computer\user</Author>
                                </RegistrationInfo>
                                <Triggers>
                                  <LogonTrigger>
                                    <Enabled>true</Enabled>
                                    <UserId>computer\user</UserId>
                                  </LogonTrigger>
                                  <RegistrationTrigger>
                                    <Enabled>false</Enabled>
                                  </RegistrationTrigger>
                                </Triggers>
                                <Principals>
                                  <Principal id="Author">
                                    <UserId>computer\user</UserId>
                                    <LogonType>InteractiveToken</LogonType>
                                    <RunLevel>LeastPrivilege</RunLevel>
                                  </Principal>
                                </Principals>
                                <Settings>
                                  <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
                                  <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
                                  <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
                                  <AllowHardTerminate>false</AllowHardTerminate>
                                  <StartWhenAvail
                              C:\Users\user\AppData\Roaming\EuegmryBXVkd.exe
                              Process:C:\Users\user\Desktop\invoicepdf.exe
                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Category:dropped
                              Size (bytes):788992
                              Entropy (8bit):7.074594045321417
                              Encrypted:false
                              SSDEEP:12288:ZSprUPZb4NuAvlTwvtonQkJzUOBjgQQiq62fo1:ZEU4NuA9QkyO2im2
                              MD5:6F98206E6905F1F727E255D114D3C0AC
                              SHA1:71F6208364A668E72F8109A373C6C83C90B7999F
                              SHA-256:97069C864EBE6A1A3E6E85BD1FF54351810CC32DE3CDFE34F7FEF15F04DA0B87
                              SHA-512:53E6E020FD5DF48E7909C42C01E1FD565FE0107C0248C359B22394F67C0F3E8A67C1C7A59C70D9C964AD3D44963735505C69B7D242C3E688C9DB4758DB407703
                              Malicious:true
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 10%
                              Reputation:low
                              C:\Users\user\AppData\Roaming\EuegmryBXVkd.exe:Zone.Identifier
                              Process:C:\Users\user\Desktop\invoicepdf.exe
                              File Type:ASCII text, with CRLF line terminators
                              Category:dropped
                              Size (bytes):26
                              Entropy (8bit):3.95006375643621
                              Encrypted:false
                              SSDEEP:3:ggPYV:rPYV
                              MD5:187F488E27DB4AF347237FE461A079AD
                              SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                              SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                              SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                              Malicious:false
                              Reputation:high, very likely benign file
                              Preview: [ZoneTransfer]....ZoneId=0

                              Static File Info

                              General

                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                              Entropy (8bit):7.074594045321417
                              TrID:
                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              • Win32 Executable (generic) a (10002005/4) 49.75%
                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                              • Windows Screen Saver (13104/52) 0.07%
                              • Generic Win/DOS Executable (2004/3) 0.01%
                              File name:invoicepdf.exe
                              File size:788992
                              MD5:6f98206e6905f1f727e255d114d3c0ac
                              SHA1:71f6208364a668e72f8109a373c6c83c90b7999f
                              SHA256:97069c864ebe6a1a3e6e85bd1ff54351810cc32de3cdfe34f7fef15f04da0b87
                              SHA512:53e6e020fd5df48e7909c42c01e1fd565fe0107c0248c359b22394f67c0f3e8a67c1c7a59c70d9c964ad3d44963735505c69b7d242c3e688c9db4758db407703
                              SSDEEP:12288:ZSprUPZb4NuAvlTwvtonQkJzUOBjgQQiq62fo1:ZEU4NuA9QkyO2im2

                              File Icon

                              Icon Hash:f8c492aaaa92dcfe

                              Static PE Info

                              General

                              Entrypoint:0x4bd872
                              Entrypoint Section:.text
                              Digitally signed:false
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                              Time Stamp:0x6037748A [Thu Feb 25 09:57:30 2021 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:v2.0.50727
                              OS Version Major:4
                              OS Version Minor:0
                              File Version Major:4
                              File Version Minor:0
                              Subsystem Version Major:4
                              Subsystem Version Minor:0
                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                              Entrypoint Preview

                              Instruction
                              jmp dword ptr [00402000h]
                              add byte ptr [eax], al

                              Data Directories

                              Name | Virtual Address | Virtual Size | Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbd820 | 0x4f | .text
                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xbe000 | 0x4b4c | .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc4000 | 0xc | .reloc
                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                              Sections

                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                              .text | 0x2000 | 0xbb878 | 0xbba00 | False | 0.608667138574 | data | 7.06854919564 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                              .rsrc | 0xbe000 | 0x4b4c | 0x4c00 | False | 0.487201891447 | data | 5.74193482381 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .reloc | 0xc4000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                              Resources

                              Name | RVA | Size | Type | Language | Country
                              RT_ICON | 0xbe1c0 | 0x468 | GLS_BINARY_LSB_FIRST | |
                              RT_ICON | 0xbe628 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 4275388049, next used block 4258479509 | |
                              RT_ICON | 0xbf6d0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 3771611807, next used block 3167566498 | |
                              RT_GROUP_ICON | 0xc1c78 | 0x30 | data | |
                              RT_GROUP_ICON | 0xc1ca8 | 0x14 | data | |
                              RT_VERSION | 0xc1cbc | 0x378 | data | |
                              RT_MANIFEST | 0xc2034 | 0xb15 | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF, LF line terminators | |

                              Imports

                              DLL | Import
                              mscoree.dll | _CorExeMain

                              Version Infos

                              Description | Data
                              Translation | 0x0000 0x04b0
                              LegalCopyright | Copyright 2014
                              Assembly Version | 3.0.0.0
                              InternalName | SubcategoryMembershipEntry.exe
                              FileVersion | 3.0.0.0
                              CompanyName | KTV
                              LegalTrademarks |
                              Comments |
                              ProductName | KTVManagement
                              ProductVersion | 3.0.0.0
                              FileDescription | KTVManagement
                              OriginalFilename | SubcategoryMembershipEntry.exe

                              Network Behavior

                              Network Port Distribution

                              TCP Packets

                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Feb 25, 2021 11:43:31.370840073 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77
                              Feb 25, 2021 11:43:31.428172112 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6
                              Feb 25, 2021 11:43:31.429424047 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77
                              Feb 25, 2021 11:43:31.562700033 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6
                              Feb 25, 2021 11:43:31.565654993 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77
                              Feb 25, 2021 11:43:31.623167992 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6
                              Feb 25, 2021 11:43:31.624363899 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77
                              Feb 25, 2021 11:43:31.683339119 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6
                              Feb 25, 2021 11:43:31.715395927 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77
                              Feb 25, 2021 11:43:31.773184061 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6
                              Feb 25, 2021 11:43:31.773322105 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77

                              UDP Packets

                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Feb 25, 2021 11:42:51.071263075 CET53550148.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:52.064951897 CET6220853192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:52.129256010 CET53622088.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:53.159595013 CET5757453192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:53.228266954 CET53575748.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:54.146301985 CET5181853192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:54.218048096 CET53518188.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:54.380764008 CET5662853192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:54.440798044 CET53566288.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:56.036001921 CET6077853192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:56.087968111 CET53607788.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:56.758483887 CET5379953192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:56.815855980 CET53537998.8.8.8192.168.2.6
                              Feb 25, 2021 11:42:59.353415966 CET5468353192.168.2.68.8.8.8
                              Feb 25, 2021 11:42:59.414673090 CET53546838.8.8.8192.168.2.6
                              Feb 25, 2021 11:43:30.139228106 CET5932953192.168.2.68.8.8.8
                              Feb 25, 2021 11:43:30.187971115 CET53593298.8.8.8192.168.2.6
                              Feb 25, 2021 11:43:30.871164083 CET6402153192.168.2.68.8.8.8
                              Feb 25, 2021 11:43:30.939100981 CET53640218.8.8.8192.168.2.6
                              Feb 25, 2021 11:43:31.287022114 CET5612953192.168.2.68.8.8.8
                              Feb 25, 2021 11:43:31.352623940 CET53561298.8.8.8192.168.2.6
                              Feb 25, 2021 11:43:32.426588058 CET5817753192.168.2.68.8.8.8
                              Feb 25, 2021 11:43:32.491616964 CET53581778.8.8.8192.168.2.6

                              DNS Queries

                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                              Feb 25, 2021 11:43:31.287022114 CET | 192.168.2.6 | 8.8.8.8 | 0x73d0 | Standard query (0) | mail.com-cept.com | A (IP address) | IN (0x0001)

                              DNS Answers

                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                              Feb 25, 2021 11:43:31.352623940 CET | 8.8.8.8 | 192.168.2.6 | 0x73d0 | No error (0) | mail.com-cept.com | | 185.221.216.77 | A (IP address) | IN (0x0001)

                              SMTP Packets

                              Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
                              Feb 25, 2021 11:43:31.562700033 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6 | 220-uksrv3.websiteserverbox.com ESMTP Exim 4.93 #2 Thu, 25 Feb 2021 05:43:30 -0500
                                220-We do not authorize the use of this system to transport unsolicited,
                                220 and/or bulk e-mail.
                              Feb 25, 2021 11:43:31.565654993 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77 | EHLO 123716
                              Feb 25, 2021 11:43:31.623167992 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6 | 250-uksrv3.websiteserverbox.com Hello 123716 [84.17.52.78]
                                250-SIZE 52428800
                                250-8BITMIME
                                250-PIPELINING
                                250-AUTH PLAIN LOGIN
                                250-STARTTLS
                                250 HELP
                              Feb 25, 2021 11:43:31.624363899 CET | 49754 | 587 | 192.168.2.6 | 185.221.216.77 | STARTTLS
                              Feb 25, 2021 11:43:31.683339119 CET | 587 | 49754 | 185.221.216.77 | 192.168.2.6 | 220 TLS go ahead

                              Code Manipulations

                              System Behavior

                              General

                              Start time: 11:41:58
                              Start date: 25/02/2021
                              Path: C:\Users\user\Desktop\invoicepdf.exe
                              Wow64 process (32bit): true
                              Commandline: 'C:\Users\user\Desktop\invoicepdf.exe'
                              Imagebase: 0x2c0000
                              File size: 788992 bytes
                              MD5 hash: 6F98206E6905F1F727E255D114D3C0AC
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: .Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.337569981.0000000002AB1000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.337682468.0000000002ADC000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.338574835.0000000003B5E000.00000004.00000001.sdmp, Author: Joe Security
                              Reputation: low

                              General

                              Start time: 11:42:01
                              Start date: 25/02/2021
                              Path: C:\Windows\SysWOW64\schtasks.exe
                              Wow64 process (32bit): true
                              Commandline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\EuegmryBXVkd' /XML 'C:\Users\user\AppData\Local\Temp\tmp5A9C.tmp'
                              Imagebase: 0x1120000
                              File size: 185856 bytes
                              MD5 hash: 15FF7D8324231381BAD48A052F85DF04
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: C, C++ or other language
                              Reputation: high

                              General

                              Start time: 11:42:02
                              Start date: 25/02/2021
                              Path: C:\Windows\System32\conhost.exe
                              Wow64 process (32bit): false
                              Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Imagebase: 0x7ff61de10000
                              File size: 625664 bytes
                              MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: C, C++ or other language
                              Reputation: high

                              General

                              Start time: 11:42:02
                              Start date: 25/02/2021
                              Path: C:\Users\user\Desktop\invoicepdf.exe
                              Wow64 process (32bit): true
                              Commandline: C:\Users\user\Desktop\invoicepdf.exe
                              Imagebase: 0x480000
                              File size: 788992 bytes
                              MD5 hash: 6F98206E6905F1F727E255D114D3C0AC
                              Has elevated privileges: true
                              Has administrator privileges: true
                              Programmed in: .Net C# or VB.NET
                              Yara matches:
                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.594160867.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.598124128.0000000002D9F000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, Author: Joe Security
                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.597890821.0000000002D11000.00000004.00000001.sdmp, Author: Joe Security
                              Reputation: low

                              Disassembly

                              Code Analysis

                                Executed Functions

                                APIs
                                • AdjustTokenPrivileges.KERNELBASE ref: 051E0FEB
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp
                                Similarity
                                • API ID: AdjustPrivilegesToken

                                APIs
                                • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00B5B10E
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: NameUser

                                APIs
                                • NtQuerySystemInformation.NTDLL ref: 051E1159
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp
                                Similarity
                                • API ID: InformationQuerySystem

                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B5ABD5
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: Open

                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 00B5BB65
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: CreateMutex

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,E6295ADD,00000000,00000000,00000000,00000000), ref: 00B5ACD8
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: QueryValue

                                APIs
                                • CopyFileW.KERNELBASE(?,?,?), ref: 00B5BEE6
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: CopyFile

                                APIs
                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 051E0CC3
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp
                                Similarity
                                • API ID: DuplicateHandle

                                APIs
                                • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00B5B10E
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: NameUser

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp
                                Similarity
                                • API ID: CreateFile

                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B5ABD5
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: Open

                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 00B5BB65
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: CreateMutex

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,E6295ADD,00000000,00000000,00000000,00000000), ref: 00B5ACD8
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: QueryValue

                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00B5B435
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim

                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B5A61A
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WriteFile.KERNELBASE(?,00000E2C,E6295ADD,00000000,00000000,00000000,00000000), ref: 051E0A65
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 00B5A6CC
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00B5A32C
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • CopyFileW.KERNELBASE(?,?,?), ref: 00B5BEE6
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: CopyFile
                                • String ID:
                                • API String ID: 1304948518-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • LookupPrivilegeValueW.ADVAPI32 ref: 051E0E6A
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,E6295ADD,00000000,00000000,00000000,00000000), ref: 051E0999
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: LongWindow
                                • String ID:
                                • API String ID: 1378638983-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 051E07D6
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: FileNameTemp
                                • String ID:
                                • API String ID: 745986568-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: DeleteFile
                                • String ID:
                                • API String ID: 4033686569-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00B5B435
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: LibraryLoadShim
                                • String ID:
                                • API String ID: 1475914169-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B5A61A
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00B5A32C
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE ref: 051E10A4
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.340177839.00000000051E0000.00000040.00000001.sdmp, Offset: 05180000, based on PE: true
                                • Associated: 00000000.00000002.340040627.0000000005180000.00000004.00000001.sdmp Download File
                                Similarity
                                • API ID: MessagePost
                                • String ID:
                                • API String ID: 410705778-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: LongWindow
                                • String ID:
                                • API String ID: 1378638983-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 00B5A6CC
                                Memory Dump Source
                                • Source File: 00000000.00000002.335285336.0000000000B5A000.00000040.00000001.sdmp, Offset: 00B5A000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: :@Dr
                                • API String ID: 0-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: :@Dr
                                • API String ID: 0-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: |mhr
                                • API String ID: 0-1401776628
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: X
                                • API String ID: 0-3081909835
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: v
                                • API String ID: 0-1801730948
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7941ce50d394fc29eaeb2f7fdbb0ef9df2636a4cdfede8bdf736fb1e6cd6e4e5
                                • Instruction ID: 35e86ddbc832387000e21f5a160f9baf6552086954f3b77a097f2cf6c99ad331
                                • Opcode Fuzzy Hash: 7941ce50d394fc29eaeb2f7fdbb0ef9df2636a4cdfede8bdf736fb1e6cd6e4e5
                                • Instruction Fuzzy Hash: E941AF78A00218DFDB00DFA9C480BADBBF1BF4D314F155499E901AB3A0D774AA44EF65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef325396bff877f9bdb96b0e19aeaf930eb083787977b7330a5c5744373c3677
                                • Instruction ID: 2d279f50f01bdeeec05ed56e7ed66f9e80d16ea3b6bbbc6eb972281eb65d9a17
                                • Opcode Fuzzy Hash: ef325396bff877f9bdb96b0e19aeaf930eb083787977b7330a5c5744373c3677
                                • Instruction Fuzzy Hash: 5441A0B4D012589FCB48DFA9D5949ADBBF2BF89300F14816AE805AB364EB306945CF54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c368d4c4f1498730acf8979ad2a1d135896a0f172d4e6199aa85900bcf1a1a22
                                • Instruction ID: 69ba4d8b4b8b38a0d54eee5f570e2eee566010b45d5976fff066eb4b28e8d198
                                • Opcode Fuzzy Hash: c368d4c4f1498730acf8979ad2a1d135896a0f172d4e6199aa85900bcf1a1a22
                                • Instruction Fuzzy Hash: B4511C70A40259CFEB14EF64D858BACBBB2FB44304F1086A9E909A7395EB705D81DF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d684c2c9992f268dd4533047a23400ae67e80aeaee686413cef83b54f2b860a7
                                • Instruction ID: 6b03eab95d2b21a9dfd58a0f85fe1ddd6c9f248c409dabfc9cf185d11c7da3c4
                                • Opcode Fuzzy Hash: d684c2c9992f268dd4533047a23400ae67e80aeaee686413cef83b54f2b860a7
                                • Instruction Fuzzy Hash: A3511D74A41219CFEB14EF64D849BACBBB1FB48304F1086A9D90AA3390EB705EC5DF15
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e2c5ad2c4468d10c9d770e8536eb8d76b1070e2678b0e43a1882260fe8fdd2cf
                                • Instruction ID: c3ad463607e761090a82e7eed6cfd4946c960cbbf080616e848998cd74da6b49
                                • Opcode Fuzzy Hash: e2c5ad2c4468d10c9d770e8536eb8d76b1070e2678b0e43a1882260fe8fdd2cf
                                • Instruction Fuzzy Hash: 59410C34941219CFEB14EF64D849BACBBB1FB44304F1086A9D90AA3390EB745DC5DF11
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f157a00ea0f17f43198b4e33c6b6a0b2874194fd0bb76b2095002b0fc24d4ace
                                • Instruction ID: bfaed07b6443b2ad1d70984cac3c51bfabdb23bc4151a4966b5f16be9341eb27
                                • Opcode Fuzzy Hash: f157a00ea0f17f43198b4e33c6b6a0b2874194fd0bb76b2095002b0fc24d4ace
                                • Instruction Fuzzy Hash: 3E316B76509340AFD310CF59AC85E57FFE8EB89620F18C95EFD899B211D271A904CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 463f2ff924883e6a821cba7da0e302e1347ffdc59d0a353f5af2ac891d322221
                                • Instruction ID: df03ee3cd285a6e6e641a1afb952d58d5d291e2ee1990b414c73f6819aafe356
                                • Opcode Fuzzy Hash: 463f2ff924883e6a821cba7da0e302e1347ffdc59d0a353f5af2ac891d322221
                                • Instruction Fuzzy Hash: AE219C72608340AFD310CF19EC81E57FFE8EF89620F18C95EFD5997211D271A5148BA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d51e780ac6dd155c3b2f6a6026004c664e78992a9d77def04bcfda13802900bb
                                • Instruction ID: ef5cf5e2b8047568e6eb779c5ac3dbd1f7efd9e92faaa2863bc2895903c0cc6d
                                • Opcode Fuzzy Hash: d51e780ac6dd155c3b2f6a6026004c664e78992a9d77def04bcfda13802900bb
                                • Instruction Fuzzy Hash: DC216BB6508340AFD710CF09EC81A57FFE8EB89630F18896EFD5997611D275A9048BA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 84c8e3d0ab98f88ebac99fe121eef473a2512ffd5c6fcdcd4e3a92870ae37261
                                • Instruction ID: 112d899ca44e769cd4b2965a008ecad1c34563924c59e3b45f3d119272232f78
                                • Opcode Fuzzy Hash: 84c8e3d0ab98f88ebac99fe121eef473a2512ffd5c6fcdcd4e3a92870ae37261
                                • Instruction Fuzzy Hash: 2C21B572508340AFD7118F55AC45E53FFA8EB85630F18C95EFD495B211E275B504CBA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ef2aa2acadca26a91909779ba2cc3d2971f36d1d6b7f904b8ce37c181e643abe
                                • Instruction ID: 8967c075119035fac0a7f8fab33173e872c11d47cb6266323e82032cdcf67d04
                                • Opcode Fuzzy Hash: ef2aa2acadca26a91909779ba2cc3d2971f36d1d6b7f904b8ce37c181e643abe
                                • Instruction Fuzzy Hash: 35219276504344AFD3108F55EC41E97FFE8EF89630F14C96AFD499B211D276A9048BA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ee5219b864237577f8b2f3ed1a0222fbb20503bbd4fc428009406d848dd61d4
                                • Instruction ID: 201db61fc0d5b979d26b676c836bb228382687c1779691231948916388b58066
                                • Opcode Fuzzy Hash: 2ee5219b864237577f8b2f3ed1a0222fbb20503bbd4fc428009406d848dd61d4
                                • Instruction Fuzzy Hash: 25312BB550D3805FD302CF259850A56BFF4EB8A214F1888DEF8C8DB252D2759908CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cc6bea977325041fba0bca150601452dde822bdc30da1aad91a8520571dba6ad
                                • Instruction ID: ee3925468659469b1a7ea90720968df51db407822474f988e8403a0e3456daf0
                                • Opcode Fuzzy Hash: cc6bea977325041fba0bca150601452dde822bdc30da1aad91a8520571dba6ad
                                • Instruction Fuzzy Hash: 53410C74A41219CFEB54EF64D859BACBBB1FB44304F1086A9E90AA3394EB705EC5DF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 094d106389bce1d3f7a426d73deeb768e51a68e3437af2b0d2137c8dcc15fc15
                                • Instruction ID: 180fce7f64dc0628c51de75b583f487c637e8f1a3481044855011cb6f7eeebe8
                                • Opcode Fuzzy Hash: 094d106389bce1d3f7a426d73deeb768e51a68e3437af2b0d2137c8dcc15fc15
                                • Instruction Fuzzy Hash: DE21C9766043446FD7108F15AC41E63FFA8EF89630F18C55BFD199B211D671B5048BB5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1029c6ece186268d1bec03e5a7ff3931ef39db5f90d2cc18dc9e4e69284c76de
                                • Instruction ID: 62e343721c8e5236d3113a9c2e3acc2f3259ed1a2e0232a4503fb8c902b8d6b3
                                • Opcode Fuzzy Hash: 1029c6ece186268d1bec03e5a7ff3931ef39db5f90d2cc18dc9e4e69284c76de
                                • Instruction Fuzzy Hash: C52172A194E3C55FD3435B7488616EA7FB59F03218F1A04DBC080EB1A3D6695D0ECB65
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: afb37767b97854c5610112d2b683c86658a92ca720a43ec23ea75d2d2cbe625d
                                • Instruction ID: 69dac44cc29f52c34f05033876eda4b8c64094d6b769c4b376d7f7bd14421d3f
                                • Opcode Fuzzy Hash: afb37767b97854c5610112d2b683c86658a92ca720a43ec23ea75d2d2cbe625d
                                • Instruction Fuzzy Hash: B3212FB6644304AFD210CF09EC81E57FBE8EB88630F14C92EFD5997711E275E9148BA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f20cb9e4cfe38f6cbf110af0e98db2b1131df4f78ff7e3085f3075731ee697ca
                                • Instruction ID: 62ee3587e34667d1f56632d829d22b6cba0f0bbb0d55579fd3713d7eda335750
                                • Opcode Fuzzy Hash: f20cb9e4cfe38f6cbf110af0e98db2b1131df4f78ff7e3085f3075731ee697ca
                                • Instruction Fuzzy Hash: 6D214FB6604300AFD210CF09EC81E57FBE8EB88630F14C92EFD4897311E271E9148BA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 44801d1d3e6954b39e7561c292bf006aa81213317f20b97c9044eaf4a9a35868
                                • Instruction ID: d326863db818935b895df73214fafbfc775270aa70add58abc9d7d11116ed891
                                • Opcode Fuzzy Hash: 44801d1d3e6954b39e7561c292bf006aa81213317f20b97c9044eaf4a9a35868
                                • Instruction Fuzzy Hash: 86212FB6644304AFD210CF09EC81E57FBE8EB88670F14C92EFD5997311E275E9148BA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e2c4be02786e599376c68b0c9a485129eb667d2450b0bbeb00ec9692b835814f
                                • Instruction ID: e439a21f8b4c8c96ede17cc4cec312f31046191f103b64b4783cb17c049a4523
                                • Opcode Fuzzy Hash: e2c4be02786e599376c68b0c9a485129eb667d2450b0bbeb00ec9692b835814f
                                • Instruction Fuzzy Hash: B841D974950219CFEB54EF64D859BACBBB1FB44304F1086A9E90AA3390EB705DC5DF10
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7509ae604e6d88694fca3114c44fdb72dce16c68d32a152c37e883f3080ac4ea
                                • Instruction ID: d8aa566c15cc4ccbc1af60c02469092223ad4c339bf4d3f55f67ef57495358d4
                                • Opcode Fuzzy Hash: 7509ae604e6d88694fca3114c44fdb72dce16c68d32a152c37e883f3080ac4ea
                                • Instruction Fuzzy Hash: 16119676644304BFD6108F46EC81E57FBA8EB88630F14C56AFD0957211E275B5148BA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 82a4dadacd645c87a5807dfc0d6cc48ec5351e86faa4283efadcad069b62617c
                                • Instruction ID: 831a6be05c2f99593667aac2b0aa4135f70bcb2c45b82596dd16ac3f975cbda6
                                • Opcode Fuzzy Hash: 82a4dadacd645c87a5807dfc0d6cc48ec5351e86faa4283efadcad069b62617c
                                • Instruction Fuzzy Hash: C3119676644304BFD2108F46EC81E57FFA8EB88630F14C56AFD0957211E276A5148BA6
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2eeb71c2a61a202aae98b0fcbf467762d9bbcee23f2f5bb4cd897f4f8799ef4e
                                • Instruction ID: e87fbb6a861bb6d37d26806a3476d4262cfecca4ea42752d1fc591645f43a506
                                • Opcode Fuzzy Hash: 2eeb71c2a61a202aae98b0fcbf467762d9bbcee23f2f5bb4cd897f4f8799ef4e
                                • Instruction Fuzzy Hash: D02151B550D3806FD302CF15DC51957BFF4EF86620F0989DAF9889B253D235A904CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fb9e607426745d81cc079e9a3a98645d1829eb52127a484cdff29d13c76e4c25
                                • Instruction ID: 1b61988f648ba96bf27eef3d3b18917471d1e8a7016bd3ecabd9830147fc7a71
                                • Opcode Fuzzy Hash: fb9e607426745d81cc079e9a3a98645d1829eb52127a484cdff29d13c76e4c25
                                • Instruction Fuzzy Hash: 6311CA76640204BFD6108F0AEC41E63FB98EB84630F14C56BFD095B601D672B5148BB5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335482414.0000000002660000.00000040.00000040.sdmp, Offset: 02660000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a270d4e5fe6d7b3343e637e5a368b820efc6f2337fc10765cfcd972f12101a36
                                • Instruction ID: a320ffbde277967dc2ae10eb93e2a92c14af244ccfcd85d35c37304f63962091
                                • Opcode Fuzzy Hash: a270d4e5fe6d7b3343e637e5a368b820efc6f2337fc10765cfcd972f12101a36
                                • Instruction Fuzzy Hash: 69119034204284EFD715CB24C988B36BF95BB88708F24C9ADE9491B752C777D803CA51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b68914f55a74ae29576a78ebd0587e1a1992500203569f14497aeafc72c1391a
                                • Instruction ID: 9909a8b301d046c0e47bd5d6e38b3c6ea90b15d4f5e0a793b913ffc7e3be36f3
                                • Opcode Fuzzy Hash: b68914f55a74ae29576a78ebd0587e1a1992500203569f14497aeafc72c1391a
                                • Instruction Fuzzy Hash: DB21DB30E0128ACFCB00EFB4D8605ADBFB5FF01315B5405A8E80197266DB702A0ADB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 6583b697975f29a2838613404fcb61a18e3437ebeb935410bd5aecc56cb8fd84
                                • Instruction ID: 7b088cae8136b013ce860196d5224e25ba0f40bb633ad205625512f2b8a9ab43
                                • Opcode Fuzzy Hash: 6583b697975f29a2838613404fcb61a18e3437ebeb935410bd5aecc56cb8fd84
                                • Instruction Fuzzy Hash: BB21E278A05228CFDB24DF65C815BE9BBB2FB8A308F0041D98549A3251EB706E85CF45
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 12e9b123d939ac2491f864bfb1708284a148d0f1459e1ef9b23c3667d7c45dfb
                                • Instruction ID: c9cbf04e75862b8bd44b7eb3733bea49144cda98515732fd007cadb8da7ed8e6
                                • Opcode Fuzzy Hash: 12e9b123d939ac2491f864bfb1708284a148d0f1459e1ef9b23c3667d7c45dfb
                                • Instruction Fuzzy Hash: 7E11DAB5508301AFD350CF19D881A5BFBE4FB88660F14891EF99897311E371E9048FA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.335338611.0000000002552000.00000040.00000001.sdmp, Offset: 02552000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7090940eb88dea1110a67933a9b7c3bb8fa0239c5e6d6a2e28e57476b32a9671
                                • Instruction ID: 7527f5d762cf81cb24282d881dda17ec1e8b5265c2f5d8e47ed198d59c5fafb9
                                • Opcode Fuzzy Hash: 7090940eb88dea1110a67933a9b7c3bb8fa0239c5e6d6a2e28e57476b32a9671
                                • Instruction Fuzzy Hash: 9501247150D3C06FE3128B255C91AA2BF78EF43620F0880CBED849F193D2166909D7B2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 17d21ae4cf83324fc2548c60ca6caba0e17a91cd6ab60e5c220fdadd67b86fac
                                • Instruction ID: 095703d270e1651786cfb9b7ddbe8aeac76f2e8104c13fe59c5ac7a3b4afe694
                                • Opcode Fuzzy Hash: 17d21ae4cf83324fc2548c60ca6caba0e17a91cd6ab60e5c220fdadd67b86fac
                                • Instruction Fuzzy Hash: D0117C30E0125ACFCB04EFA8D8609ADBBB9FB40309F5445A8E90197395DB706E09DB95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 048dc02b65671a072b2a88b050480b7c1cb52029d6eca2ea311428ebe93080a3
                                • Instruction ID: 7609a3699c6f866acf37bd20780eb7ce698edf5039e10601e485115c72dde8b3
                                • Opcode Fuzzy Hash: 048dc02b65671a072b2a88b050480b7c1cb52029d6eca2ea311428ebe93080a3
                                • Instruction Fuzzy Hash: 2D01D230800349DFC706EFB8E8816A87F35FB46314F008AAAE84427266E7B16957DF64
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cfb527d1bc9853508e7449f2fcde9f5bbab68b60fb57e2061279c41382586263
                                • Instruction ID: 332a03e5af663e00ae73c364da58fe6c81f5458f642f4562f9f1ca8505e41cee
                                • Opcode Fuzzy Hash: cfb527d1bc9853508e7449f2fcde9f5bbab68b60fb57e2061279c41382586263
                                • Instruction Fuzzy Hash: 15C08C3009530483D1003660A018331B34E830A209F0C1C04580E02082ABB0A898FA54
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4fce5ec14ec4be85c2cf9b13d0e70231fabb61eb0cf7c974f6b1eff23386d7a6
                                • Instruction ID: d781506e2f233c64f19a47e9e34b247ee699800cb6aa9b0c957ae7e6ecfd48f9
                                • Opcode Fuzzy Hash: 4fce5ec14ec4be85c2cf9b13d0e70231fabb61eb0cf7c974f6b1eff23386d7a6
                                • Instruction Fuzzy Hash: C5D092B4A411288FCB60DF18C885798F7F5AB49300F50D4DA9A0DB3301DBB0AEC98F14
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: :@Dr$>_Ir$`5kr$f]Ir
                                • API String ID: 0-3492759196
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.339264670.0000000004C80000.00000040.00000001.sdmp, Offset: 04C80000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: :@Dr$>_Ir$`5kr$f]Ir
                                • API String ID: 0-3492759196
                                Uniqueness

                                Uniqueness Score: -1.00%


                                Executed Functions

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.600413731.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr$X1kr
                                • API String ID: 2994545307-2965069383
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr$:@Dr$:@Dr
                                • API String ID: 2994545307-1395999109
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00CCAF87
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • NtQuerySystemInformation.NTDLL ref: 00CCB0F5
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 00CCAF87
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: AdjustPrivilegesToken
                                • String ID:
                                • API String ID: 2874748243-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • NtQuerySystemInformation.NTDLL ref: 00CCB0F5
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: InformationQuerySystem
                                • String ID:
                                • API String ID: 3562636166-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.596225566.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID: :@Dr
                                • API String ID: 2994545307-3830894600
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600413731.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600413731.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600413731.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • OpenFileMappingW.KERNELBASE(?,?), ref: 055E238D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileMappingOpen
                                • String ID:
                                • API String ID: 1680863896-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Socket
                                • String ID:
                                • API String ID: 38366605-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • getaddrinfo.WS2_32(?,00000E2C), ref: 055E2BBB
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: getaddrinfo
                                • String ID:
                                • API String ID: 300660673-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 055E0EB1
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E18C0
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAIoctl.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2E4D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Ioctl
                                • String ID:
                                • API String ID: 3041054344-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600413731.0000000005700000.00000040.00000001.sdmp, Offset: 05700000, based on PE: false
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00CCA989
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 055E21E3
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: DescriptorSecurity$ConvertString
                                • String ID:
                                • API String ID: 3907675253-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCAA8C
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E20F8
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileView
                                • String ID:
                                • API String ID: 3314676101-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAEventSelect.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2F3E
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: EventSelect
                                • String ID:
                                • API String ID: 31538577-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • TerminateProcess.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCB2B0
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ProcessTerminate
                                • String ID:
                                • API String ID: 560597551-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 055E2739
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 00CCB3B6
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: FormatMessage
                                • String ID:
                                • API String ID: 1306739567-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • getaddrinfo.WS2_32(?,00000E2C), ref: 055E2BBB
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: getaddrinfo
                                • String ID:
                                • API String ID: 300660673-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 055E17B6
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • shutdown.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2824
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: shutdown
                                • String ID:
                                • API String ID: 2510479042-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00CCA1C2
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: Startup
                                • String ID:
                                • API String ID: 724789610-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • K32GetModuleInformation.KERNEL32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCB7A2
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: InformationModule
                                • String ID:
                                • API String ID: 3425974696-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 00CCB8AE
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: FileModuleName
                                • String ID:
                                • API String ID: 514040917-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E0F9D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetProcessTimes.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E28FD
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: ProcessTimes
                                • String ID:
                                • API String ID: 1995159646-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegEnumKeyExW.KERNELBASE(?,00000E2C,?,?), ref: 055E16F6
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Enum
                                • String ID:
                                • API String ID: 2928410991-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E2C), ref: 055E21E3
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: DescriptorSecurity$ConvertString
                                • String ID:
                                • API String ID: 3907675253-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 055E0EB1
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: CreateFile
                                • String ID:
                                • API String ID: 823142352-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 055E0737
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: LibraryLoad
                                • String ID:
                                • API String ID: 1029625771-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 00CCB60A
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • ioctlsocket.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2D4F
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: ioctlsocket
                                • String ID:
                                • API String ID: 3577187118-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • setsockopt.WS2_32(?,?,?,?,?), ref: 055E1EAC
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: setsockopt
                                • String ID:
                                • API String ID: 3981526788-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00CCA989
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 055E17B6
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E301D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: AdaptersAddresses
                                • String ID:
                                • API String ID: 2506852604-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • K32EnumProcessModules.KERNEL32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCB6B2
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: EnumModulesProcess
                                • String ID:
                                • API String ID: 1082081703-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAIoctl.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2E4D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Ioctl
                                • String ID:
                                • API String ID: 3041054344-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • CreateMutexW.KERNELBASE(?,?), ref: 055E2739
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: CreateMutex
                                • String ID:
                                • API String ID: 1964310414-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00CCAD6A
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • ReadFile.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E1139
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 055E30DE
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Connect
                                • String ID:
                                • API String ID: 3144859779-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E18C0
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCAA8C
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetNetworkParams.IPHLPAPI(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E1BE8
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: NetworkParams
                                • String ID:
                                • API String ID: 2134775280-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • OpenFileMappingW.KERNELBASE(?,?), ref: 055E238D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileMappingOpen
                                • String ID:
                                • API String ID: 1680863896-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00CCB040
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Socket
                                • String ID:
                                • API String ID: 38366605-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileView
                                • String ID:
                                • API String ID: 3314676101-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • K32GetModuleInformation.KERNEL32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCB7A2
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: InformationModule
                                • String ID:
                                • API String ID: 3425974696-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00CCACA8
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E20F8
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • MkParseDisplayName.OLE32(?,00000E2C,?,?), ref: 00CCAB7E
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: DisplayNameParse
                                • String ID:
                                • API String ID: 3580041360-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetProcessTimes.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E28FD
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: ProcessTimes
                                • String ID:
                                • API String ID: 1995159646-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAEventSelect.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2F3E
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: EventSelect
                                • String ID:
                                • API String ID: 31538577-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • K32EnumProcessModules.KERNEL32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCB6B2
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: EnumModulesProcess
                                • String ID:
                                • API String ID: 1082081703-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 00CCA8A8
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • TerminateProcess.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 00CCB2B0
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ProcessTerminate
                                • String ID:
                                • API String ID: 560597551-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CCA7F6
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • ReadFile.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E1139
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00CCBB66
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: NameUser
                                • String ID:
                                • API String ID: 2645101109-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GlobalMemoryStatusEx.KERNELBASE(?), ref: 055E1978
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: GlobalMemoryStatus
                                • String ID:
                                • API String ID: 1890195054-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • ioctlsocket.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2D4F
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: ioctlsocket
                                • String ID:
                                • API String ID: 3577187118-0
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • shutdown.WS2_32(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E2824
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: shutdown
                                • String ID:
                                • API String ID: 2510479042-0
                                • Opcode ID: 5d7a396be4dce628801834162c1f75d06bcec9f3639765f8e7b9a73ab931c918
                                • Instruction ID: 7e96110053983cf33e2b2ac530e3b2640a7058ddc80054692a6825a6fbe3d542
                                • Opcode Fuzzy Hash: 5d7a396be4dce628801834162c1f75d06bcec9f3639765f8e7b9a73ab931c918
                                • Instruction Fuzzy Hash: 6511C271404304AEEB20CF15DC85F67FB9CEF45320F14C4ABEE489B245D6B4A4058BB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • LoadLibraryA.KERNELBASE(?,00000E2C), ref: 055E0737
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: LibraryLoad
                                • String ID:
                                • API String ID: 1029625771-0
                                • Opcode ID: 88b2b022a38bca4e4f9c345a2f7c2b723d4d1f7662c2e121f2bc088d0ec8f340
                                • Instruction ID: 2ac0a1a61af5b231fc48eb7c60ffc1dd42148fcc304fe14c10947c09537daa11
                                • Opcode Fuzzy Hash: 88b2b022a38bca4e4f9c345a2f7c2b723d4d1f7662c2e121f2bc088d0ec8f340
                                • Instruction Fuzzy Hash: A711E571500704EFFB20DB15DC89F76FB98EF05720F14C45AEE455A291D2F4A548CAB5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetAdaptersAddresses.IPHLPAPI(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E301D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: AdaptersAddresses
                                • String ID:
                                • API String ID: 2506852604-0
                                • Opcode ID: 6ec4eecaeb9a5db4b392835cc8ec1503c4ea73f32e1cecb9de457250fac665c9
                                • Instruction ID: d2d0eb43742a42c789bc6c96587b2a0e62c11a7e937e5715b496131f769f95a2
                                • Opcode Fuzzy Hash: 6ec4eecaeb9a5db4b392835cc8ec1503c4ea73f32e1cecb9de457250fac665c9
                                • Instruction Fuzzy Hash: 6C11AC71400604EEEB22CF15DC81F66FBA8EF05720F1488ABEE455B251C275B509CBB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: send
                                • String ID:
                                • API String ID: 2809346765-0
                                • Opcode ID: 9ed155ca77b1d35ccad48881fd9c6a905dd7d8ff03dc7f2e09250a56249ffd2d
                                • Instruction ID: 756827e6125ad40aa0e0f394410f810f9522f3b2dd991ecb81169ccf6bb04d6e
                                • Opcode Fuzzy Hash: 9ed155ca77b1d35ccad48881fd9c6a905dd7d8ff03dc7f2e09250a56249ffd2d
                                • Instruction Fuzzy Hash: A5118F71409384AFDB22CF15DC44F56FFB4EF46224F08849EEE888B252D275A918DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetNetworkParams.IPHLPAPI(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E1BE8
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: NetworkParams
                                • String ID:
                                • API String ID: 2134775280-0
                                • Opcode ID: 99b78cd5ed8cc8af6f8a94dd6d28a3767cb832a01ca93e109324fab53ac1cee3
                                • Instruction ID: 44ef71640c97294668b0443dcbb67bc51833b390aa41770f1582ca43b44a3348
                                • Opcode Fuzzy Hash: 99b78cd5ed8cc8af6f8a94dd6d28a3767cb832a01ca93e109324fab53ac1cee3
                                • Instruction Fuzzy Hash: 0A010071500604AEEB20CF15CC81F67FFACEF45320F1484ABEE089B241D6B4A409CBB1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 00CCAD6A
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: LookupPrivilegeValue
                                • String ID:
                                • API String ID: 3899507212-0
                                • Opcode ID: eb42621b4b2527c51254105e3e4d84689a66db8a9553b91b1b58271cd11ea90c
                                • Instruction ID: ee1542d68840c4a77e5aedde86328beb2f3e01987ef3c8cde98b7d717a504ca9
                                • Opcode Fuzzy Hash: eb42621b4b2527c51254105e3e4d84689a66db8a9553b91b1b58271cd11ea90c
                                • Instruction Fuzzy Hash: B511A5B1A002049FDB60CF29D849B56FBE8EF04725F18C46EDD4ACB641D674E904CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetFileType.KERNELBASE(?,00000E2C,6121FDC6,00000000,00000000,00000000,00000000), ref: 055E0F9D
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: FileType
                                • String ID:
                                • API String ID: 3081899298-0
                                • Opcode ID: f17536eb6552dd194fb74b2df132625d8eaf24bd6d0eae53cdecc6a043108ace
                                • Instruction ID: a56a9d2d698d828d60dddb32ba9ca0c3b30b7e78510ae90f8dae4e16f79416b8
                                • Opcode Fuzzy Hash: f17536eb6552dd194fb74b2df132625d8eaf24bd6d0eae53cdecc6a043108ace
                                • Instruction Fuzzy Hash: B5012271400204EEEB20CB15CC85F67FFA8EF05320F14C49BEE049B291C2B4A5088AB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: CloseFind
                                • String ID:
                                • API String ID: 1863332320-0
                                • Opcode ID: da2e17e8bfc23de375b927cf539e58a4b3e320f1c2468467ba68350b320b2f41
                                • Instruction ID: d4ffe91536f3d8d1b83b734a2742ddfbcfb36f33604c73b0ee9fefb623116e3a
                                • Opcode Fuzzy Hash: da2e17e8bfc23de375b927cf539e58a4b3e320f1c2468467ba68350b320b2f41
                                • Instruction Fuzzy Hash: CA11C2725093849FDB128B25DC84B52FFB4EF07220F0880DBED858B262D275A908CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 055E30DE
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Connect
                                • String ID:
                                • API String ID: 3144859779-0
                                • Opcode ID: ede2e352f9f60d3d39aa10c42665632c4f01a5b2ea759532cc9d3270dca25aca
                                • Instruction ID: 25ffcde2b58f326562c8a029cc3b3d6bb7f4f849427e546e3a411c51b58540b3
                                • Opcode Fuzzy Hash: ede2e352f9f60d3d39aa10c42665632c4f01a5b2ea759532cc9d3270dca25aca
                                • Instruction Fuzzy Hash: F0115A75500704AFDB21CF55D845B66FBE4FF08310F0888AADE498B622D271B418CB61
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • K32GetModuleFileNameExW.KERNEL32(?,00000E2C,?,?), ref: 00CCB8AE
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: FileModuleName
                                • String ID:
                                • API String ID: 514040917-0
                                • Opcode ID: 62a410daca128c90a9f695e14544ad30c57bb26ab7657257e531bda26174233a
                                • Instruction ID: 5323197012f4ab108c3dfec0de10813ffe4ec3fd21a33f7cb916003aafbe0360
                                • Opcode Fuzzy Hash: 62a410daca128c90a9f695e14544ad30c57bb26ab7657257e531bda26174233a
                                • Instruction Fuzzy Hash: 20017172900604ABD710DF16DC86F36FBA8EB88B20F14816AED089B741E371B515CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 00CCB3B6
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: FormatMessage
                                • String ID:
                                • API String ID: 1306739567-0
                                • Opcode ID: 2250248f67a5458aaeabdf4f2d3d3afcb9ed054b9d5eb5a5c7ae4f3ce47147bc
                                • Instruction ID: 6a979049ef342ea09b92c004253af71232e35943f51ca341aee81dc66b82f467
                                • Opcode Fuzzy Hash: 2250248f67a5458aaeabdf4f2d3d3afcb9ed054b9d5eb5a5c7ae4f3ce47147bc
                                • Instruction Fuzzy Hash: 01017172900604ABD710DF16DC86F36FBA8EB88B20F14816AED089B741E371B515CBE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 00CCA1C2
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: Startup
                                • String ID:
                                • API String ID: 724789610-0
                                • Opcode ID: 8e31b3ef656106d6afce0de88c84bb0908d1d44d1f60b83c69e253d6975a244b
                                • Instruction ID: ee4da3b390157f5730be2bee6daeff47d8a1549b840866e3d3331c0e21df61c6
                                • Opcode Fuzzy Hash: 8e31b3ef656106d6afce0de88c84bb0908d1d44d1f60b83c69e253d6975a244b
                                • Instruction Fuzzy Hash: B2017171900604ABD710DF16DC86B36FBA8EB88B20F14816AED089B741E375B515CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CCA7F6
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: DuplicateHandle
                                • String ID:
                                • API String ID: 3793708945-0
                                • Opcode ID: a386dd0a021acf30bb8bf4dcf16b5b7502ee69936fae5b8a98a32be8e6b94912
                                • Instruction ID: fef88a01ca2a08bc43f4cb1120e2ed9016404dc2db33cb8780e781804d7aae1c
                                • Opcode Fuzzy Hash: a386dd0a021acf30bb8bf4dcf16b5b7502ee69936fae5b8a98a32be8e6b94912
                                • Instruction Fuzzy Hash: 92016D31800604EFDB218F55D848B66FFE4EF08320F18C5AEDE494B652D275A519DF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GlobalMemoryStatusEx.KERNELBASE(?), ref: 055E1978
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: GlobalMemoryStatus
                                • String ID:
                                • API String ID: 1890195054-0
                                • Opcode ID: 1df7606199c20953d5a292af55d6c3a8bf201aac8597bebb35b8ce8fd5cd1465
                                • Instruction ID: e5488f092fd3ab2b7470a5283796326140256c72650cfbca65996c338a976aed
                                • Opcode Fuzzy Hash: 1df7606199c20953d5a292af55d6c3a8bf201aac8597bebb35b8ce8fd5cd1465
                                • Instruction Fuzzy Hash: 3E018F719046449FDB14CF29D985B66FF94EF04320F18C4ABDE49CB346D6B5A448CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • setsockopt.WS2_32(?,?,?,?,?), ref: 055E1EAC
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: setsockopt
                                • String ID:
                                • API String ID: 3981526788-0
                                • Opcode ID: 1cc50a568e89fcff1c07459fba816b601f85ffc76be35cfe9b2a23f61ba564a3
                                • Instruction ID: 427042e34c812fc62189818db34b52cc6c0117e62627ce1f6ef20db11ebfeb72
                                • Opcode Fuzzy Hash: 1cc50a568e89fcff1c07459fba816b601f85ffc76be35cfe9b2a23f61ba564a3
                                • Instruction Fuzzy Hash: FE019E71800644DFDB21CF55D944B66FFE4FF08320F18C4AAEE494B216D275A018CBB2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegEnumKeyExW.KERNELBASE(?,00000E2C,?,?), ref: 055E16F6
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: Enum
                                • String ID:
                                • API String ID: 2928410991-0
                                • Opcode ID: 2245a4731a17c3ffdcbf3fe3e42ea7cbef1509e7d287245e5800d3b7e4eb22e7
                                • Instruction ID: 4be8160ceb96a5064e39192506d46c493152328255c3ed17ae4d046bb1b600ae
                                • Opcode Fuzzy Hash: 2245a4731a17c3ffdcbf3fe3e42ea7cbef1509e7d287245e5800d3b7e4eb22e7
                                • Instruction Fuzzy Hash: 55018F72500604ABD210DF16DC86F26FBA8EB88B20F14811AED084B741E331B515CBE5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00CCACA8
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: bc752302c53b12afa29b99e86cb6b19e9d6d933a5c6f8b9f187d1a0a82db50e4
                                • Instruction ID: 7f41242de9f4f049164a5efa647448e559c8ec56a5951666de3d5b890744776f
                                • Opcode Fuzzy Hash: bc752302c53b12afa29b99e86cb6b19e9d6d933a5c6f8b9f187d1a0a82db50e4
                                • Instruction Fuzzy Hash: E40184719042449FDB10CF1AD889766FF94EF04324F28C0AFDD098B255D675A948CB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • FindCloseChangeNotification.KERNELBASE(?), ref: 00CCB040
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ChangeCloseFindNotification
                                • String ID:
                                • API String ID: 2591292051-0
                                • Opcode ID: 601b6ddd8038a0800df6869b0bcda5195e1e31d49f2174290c3bc2fa455c2b20
                                • Instruction ID: 3ebf1325e4565a56e4dc3b502a3d47c2e26eeab3c5a850ba667b77da38619d1d
                                • Opcode Fuzzy Hash: 601b6ddd8038a0800df6869b0bcda5195e1e31d49f2174290c3bc2fa455c2b20
                                • Instruction Fuzzy Hash: BF01BCB15006049FDB10CF6AD886B57FFA4EF00320F18C0ABDD598B602D6B5A908CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 00CCBB66
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: NameUser
                                • String ID:
                                • API String ID: 2645101109-0
                                • Opcode ID: 3d19ab482dee28ebb48ef5a074640c5a2e2b7125577064778cecf6504ce15a31
                                • Instruction ID: c749ff856c81137fb4971b34de9baea73a15221f2f3c4a89b2af260296e36153
                                • Opcode Fuzzy Hash: 3d19ab482dee28ebb48ef5a074640c5a2e2b7125577064778cecf6504ce15a31
                                • Instruction Fuzzy Hash: 73018F71500604ABD610DF16DC86B26FBA8EB88B20F14815AED084B741E331B515CAA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • MkParseDisplayName.OLE32(?,00000E2C,?,?), ref: 00CCAB7E
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: DisplayNameParse
                                • String ID:
                                • API String ID: 3580041360-0
                                • Opcode ID: 7e2d8548638fd9e62a5c957c9995cdd4dd59739bf1011819108aefc8129428eb
                                • Instruction ID: b91c9863dd5b335311bf4ab23f734b115756def87d03474fb9ad54ecb75d42ef
                                • Opcode Fuzzy Hash: 7e2d8548638fd9e62a5c957c9995cdd4dd59739bf1011819108aefc8129428eb
                                • Instruction Fuzzy Hash: 39018F72500604ABD210DF16DC86F26FBA8FB88B20F14811AED084B741E331B515CBA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 00CCB60A
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: QueryValue
                                • String ID:
                                • API String ID: 3660427363-0
                                • Opcode ID: 34f43380854955c6da5611dcd5671bec7ad3cb6c480f2c8055a55bcdf9049bf9
                                • Instruction ID: ad917b84169712d2d4c77624af72fa263680894305fcf0094ae5c5ff50b9c065
                                • Opcode Fuzzy Hash: 34f43380854955c6da5611dcd5671bec7ad3cb6c480f2c8055a55bcdf9049bf9
                                • Instruction Fuzzy Hash: A8018F72500604ABD210DF16DC86F26FBA8EB88B20F14811AED084B741E371B515CAA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: send
                                • String ID:
                                • API String ID: 2809346765-0
                                • Opcode ID: 725ed75f5cfde2bdded40da10f669bb5e76486c49920f6dc82e06113f3f6abb0
                                • Instruction ID: 886c648202195f51e5f55612783ed166c6f36b66b59b91a680b7d68a36402618
                                • Opcode Fuzzy Hash: 725ed75f5cfde2bdded40da10f669bb5e76486c49920f6dc82e06113f3f6abb0
                                • Instruction Fuzzy Hash: 8E019E31800644DFDB20CF56D848B66FFA4EF04324F18C4AEDE498B212D275A408DB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.600318186.00000000055E0000.00000040.00000001.sdmp, Offset: 055E0000, based on PE: false
                                Similarity
                                • API ID: CloseFind
                                • String ID:
                                • API String ID: 1863332320-0
                                • Opcode ID: 04063cb766a0ffe2d883deab811afe0728b6c86aac4d4d249e27abaa39215f25
                                • Instruction ID: 1b5e0ac61624f36a12d7aebe3373169378c97c6e7f8ad307b20a199c69e1005a
                                • Opcode Fuzzy Hash: 04063cb766a0ffe2d883deab811afe0728b6c86aac4d4d249e27abaa39215f25
                                • Instruction Fuzzy Hash: 1A01D135904A44DFDB24CF19D885766FFA4FF09320F08C0ABDD498B656D2B5E848CAA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: closesocket
                                • String ID:
                                • API String ID: 2781271927-0
                                • Opcode ID: 8adaa7aca4cecb9fe9ff776d42291e73ede04624ff14783e710e88fa5b5e3bd4
                                • Instruction ID: e8079a53d9fe1e625706d08c82815f62ce99b1393c798ef2edf867d56afda708
                                • Opcode Fuzzy Hash: 8adaa7aca4cecb9fe9ff776d42291e73ede04624ff14783e710e88fa5b5e3bd4
                                • Instruction Fuzzy Hash: 06014F758042489FDB10CF15D889B66FF94EF44324F18D4AADD499B206D2B5A548CA62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                APIs
                                • SetErrorMode.KERNELBASE(?), ref: 00CCA8A8
                                Memory Dump Source
                                • Source File: 00000005.00000002.595201473.0000000000CCA000.00000040.00000001.sdmp, Offset: 00CCA000, based on PE: false
                                Similarity
                                • API ID: ErrorMode
                                • String ID:
                                • API String ID: 2340568224-0
                                • Opcode ID: a051bbd85d539f1792abeeef279bf9d4fee3156aab92a588bfb49eceb3188f1c
                                • Instruction ID: f347ab2070c8eda95ca05166da4c988804229f208f6e5bb1b4eafcecbf3be745
                                • Opcode Fuzzy Hash: a051bbd85d539f1792abeeef279bf9d4fee3156aab92a588bfb49eceb3188f1c
                                • Instruction Fuzzy Hash: 91F0AF34904648DFDB20CF16D889B62FFA4EF04724F18C09EDE494B256D3B5A949DF62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: :@Dr
                                • API String ID: 0-3830894600
                                • Opcode ID: 28accf049cabf10945397edd79b8ee71a632f89383da5452f5d695ec4b7b9eac
                                • Instruction ID: b922d9cc497b4ce242f556255d2f105c1ece065931967089b53c03df3c91681d
                                • Opcode Fuzzy Hash: 28accf049cabf10945397edd79b8ee71a632f89383da5452f5d695ec4b7b9eac
                                • Instruction Fuzzy Hash: 4D713131B000549BEF2467BCC855F7E7EE7EB89310F60482AE20AD7396DEA5C941D762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Strings
                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID: :@Dr
                                • API String ID: 0-3830894600
                                • Opcode ID: 297bec5fc88352034dfe02e5546e8f8560a803fdcc31aaafb5d17bf017436341
                                • Instruction ID: 85b54bfa5a699a38c2c0c10262dfd79ba6a2419b5a8481860970f906a2c7153f
                                • Opcode Fuzzy Hash: 297bec5fc88352034dfe02e5546e8f8560a803fdcc31aaafb5d17bf017436341
                                • Instruction Fuzzy Hash: EE713031B000549BEF2467BCC855F7E7ADBEB89310F60482AE20AD7396DEA5C941D762
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 552b3b52b22c4d9b840e5df41556fa2c220e5c661b3e4221d54f3a1a07c36615
                                • Instruction ID: 17905ec2485780f350db980d1deec1b9fec7819e8588f1ce3c5649bbabee2d80
                                • Opcode Fuzzy Hash: 552b3b52b22c4d9b840e5df41556fa2c220e5c661b3e4221d54f3a1a07c36615
                                • Instruction Fuzzy Hash: 72B17E30B00214DFCB14ABB8C859B6DBBE6AF84325F658665E6169B3E1DF70D841CB81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a70463596cb48d9e4d7efe75a10bab6f2ba18dda871209d259cd49b8611e92e
                                • Instruction ID: 7cee3714fa24cecdc0f147faa50740c54f1080b692f971ff7143c8bd04106085
                                • Opcode Fuzzy Hash: 1a70463596cb48d9e4d7efe75a10bab6f2ba18dda871209d259cd49b8611e92e
                                • Instruction Fuzzy Hash: 9B915C30A00109DFCB04DFA8C895A9DBBF6FF88310F148569E516AB356DB30AC42DB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 77e40108f2712e886b1d54d08dfc61cbe589d76bcdb99d7fa7e6cf6759aa0a8b
                                • Instruction ID: 72aab04bad8d7f0c6f631d678855e464f913881b0b255c2835f0f3355b7bb774
                                • Opcode Fuzzy Hash: 77e40108f2712e886b1d54d08dfc61cbe589d76bcdb99d7fa7e6cf6759aa0a8b
                                • Instruction Fuzzy Hash: 15914C74E00109DFCB04DFA8C995AADBBF6FF88310F158169E516AB356DB30AC42DB50
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3aa5e5ccfcd00320f927b4df399a6868b0bb87cdf0db7e1239acda51b2860178
                                • Instruction ID: 147cfc440975a8b0d210b876ad6ac08c20e640ae551e855073065749a0f8048e
                                • Opcode Fuzzy Hash: 3aa5e5ccfcd00320f927b4df399a6868b0bb87cdf0db7e1239acda51b2860178
                                • Instruction Fuzzy Hash: 5A716D35B002049FCB09AFB8C854A9DBBB3AF88311F15842AE506EB3A5DF35DD46DB51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7e8a6893ec18697a09b578b7139fd730c55fbedc1d0bdc31b6a3bc99cfe6df33
                                • Instruction ID: 32282beefd54d5677eaea6109cd58fd03d23f12d18462cc39966377120aa6875
                                • Opcode Fuzzy Hash: 7e8a6893ec18697a09b578b7139fd730c55fbedc1d0bdc31b6a3bc99cfe6df33
                                • Instruction Fuzzy Hash: 37515231B012458FCB15DF68C899AAEBBF3AF85320F15846AD509D7392EB34DC42DB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e80e966837077a555af1d93711c89eef3cd2efaa10aac08a07a8fb92d40a5dff
                                • Instruction ID: 9a91772fb457f97b71a9ba39d181f5ce3fa44e6461a7abda1ce0ff027f5af741
                                • Opcode Fuzzy Hash: e80e966837077a555af1d93711c89eef3cd2efaa10aac08a07a8fb92d40a5dff
                                • Instruction Fuzzy Hash: C8512B31A006189BDB14DFB9C8556AEBBF3BF88300F51852AD905EB394EF709D06CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 172bfac17a37bcb906b2a09194efdb819d75fee4a1c48d888a40856a2aee0c07
                                • Instruction ID: 0d3bb0bda41f23db59db5af4573ad6831a96c08f3ebe4bde48c66c202afc93e5
                                • Opcode Fuzzy Hash: 172bfac17a37bcb906b2a09194efdb819d75fee4a1c48d888a40856a2aee0c07
                                • Instruction Fuzzy Hash: 7741F735F012458FCB55ABB888593AE7BF29FC9310F15447AD50ADB396EE34CC028792
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 15586032cedc150e1861fc70e816672874d57d8ddb91ead13f755fdaef582920
                                • Instruction ID: 5e1ca79970f47469c63c6270d9db5fe5721d0eed37f2455486337369d255d4fe
                                • Opcode Fuzzy Hash: 15586032cedc150e1861fc70e816672874d57d8ddb91ead13f755fdaef582920
                                • Instruction Fuzzy Hash: 7B31B6719093848FCB02DF788C5969EBFF5AF87220B0A40EBD445EB253E6358845D7A1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 449d55b2635625bc792192739efc4d094779b5bc09b6f22dbb8ba3cf1959d3bd
                                • Instruction ID: 25523f6cb242128c2f2af6498fe1a2c7967bbf909196d737b0b4acff11d975f1
                                • Opcode Fuzzy Hash: 449d55b2635625bc792192739efc4d094779b5bc09b6f22dbb8ba3cf1959d3bd
                                • Instruction Fuzzy Hash: 7431F671B052449FCB02EB7CD9546AE7BF3AFC9310B1540AAD108E7392EB359D02CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 139c9e148b5da7a2050df34ac0e77e3c91ba8f2b407c66d6ec393011aaa1361b
                                • Instruction ID: 13f9f2849983ccdeb51da8fa353539c92fa9572a5b98c46c0c1aa04b2c9d7699
                                • Opcode Fuzzy Hash: 139c9e148b5da7a2050df34ac0e77e3c91ba8f2b407c66d6ec393011aaa1361b
                                • Instruction Fuzzy Hash: CF31E435B052448FCB41E778D8156FE7BF2AFCA310B6580AAD508E7342EB348D02CB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cd8e2aadac1e8248925a2c742259f2c7c57b1509e537779d86e63e51e675a0db
                                • Instruction ID: 62ee749dd0c535bab3a9eeef9e7c6878d99756da9593840d7717cc4adf21bead
                                • Opcode Fuzzy Hash: cd8e2aadac1e8248925a2c742259f2c7c57b1509e537779d86e63e51e675a0db
                                • Instruction Fuzzy Hash: 1C318071F002059FCB14EFA9C859BAE7BE3BF84350F10843AD619EB355EB7098029B80
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 45ccab49c0d7f5231db4bf2ccb8e7149422b6808bf2630f3e1cf79c8e6392fc6
                                • Instruction ID: 7acdcb36b70b0132ee1dbf1837cc9cc17b9f2c6e68d243b1bb2885db74dbb9b0
                                • Opcode Fuzzy Hash: 45ccab49c0d7f5231db4bf2ccb8e7149422b6808bf2630f3e1cf79c8e6392fc6
                                • Instruction Fuzzy Hash: DB213571F053544FCB01A7B8D8693AE3BE69FC5360F1541B6E608EB3D2EA64DC068391
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8212808e27a19ea0bddd0fb71eb696de2cf21769a181df9112a28049fa2e318c
                                • Instruction ID: 8ab970334e31ef210b031b60b1413413b290a56886d958b3f72c2fddacd9b43e
                                • Opcode Fuzzy Hash: 8212808e27a19ea0bddd0fb71eb696de2cf21769a181df9112a28049fa2e318c
                                • Instruction Fuzzy Hash: 24210772F052844FDB059BB8C8157EA7BF6DF8A310F1544B6E505E7382EA349C05C7A5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8b8edc46aca5a691c5214a88558460f018a71fe455755edf8966add3c3268507
                                • Instruction ID: b00f37062bf7dce3ff68dacba9236636e4fb76686a38358e5ecbe476c9b1374a
                                • Opcode Fuzzy Hash: 8b8edc46aca5a691c5214a88558460f018a71fe455755edf8966add3c3268507
                                • Instruction Fuzzy Hash: 75119031F001548BCB04EBB8C8196EE7BE6AFC8760B510879E606E7391EF359D01CBA1
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.596071007.00000000027D0000.00000040.00000040.sdmp, Offset: 027D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2ee03ffee2e48092bee2ab9304165ef7ed8ccd349c54a0bce3efc919eff24bc5
                                • Instruction ID: a779499d6213cdf60657f29a863046a353eeda3c008f9ed425de4926b0746f4d
                                • Opcode Fuzzy Hash: 2ee03ffee2e48092bee2ab9304165ef7ed8ccd349c54a0bce3efc919eff24bc5
                                • Instruction Fuzzy Hash: 3821893550D3C09FCB03CB20C8A0B65BFB1AF57314F2985DAD4855F6A3C22A9806DB62
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a081123c924540dcbbbb1e694d550b272c0637a495226722db365e1ccf71dee1
                                • Instruction ID: 4c69ad80e7ebab7830c27ef004308e4ef1a8d7ec7a1d8379c1bc6aa7309e8084
                                • Opcode Fuzzy Hash: a081123c924540dcbbbb1e694d550b272c0637a495226722db365e1ccf71dee1
                                • Instruction Fuzzy Hash: 7C21E5B5608341AFD340CF19D880A5BFBE4FF89660F04896EF998D7311D270E9088FA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 57ecc3ada5fd7200d68c3322847f0f644416a0dae1326235d0f63b984cfe9cb6
                                • Instruction ID: dffa01da00473a3fd7296d79a528ea3ab8aebee4d043a1acc7aa48d0212aba19
                                • Opcode Fuzzy Hash: 57ecc3ada5fd7200d68c3322847f0f644416a0dae1326235d0f63b984cfe9cb6
                                • Instruction Fuzzy Hash: 2B11BAB5908305AFD350CF19D881A5BFBE4FB88664F14896EF998D7311D271EA048FA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.596071007.00000000027D0000.00000040.00000040.sdmp, Offset: 027D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 30de1fdd898592a5eac087a32ee1bd17826cfeae57a5fb6300fc713d47869092
                                • Instruction ID: 307e83a0ea7dd21f77658bff3ee0e406e5f25e62444dc56b3fbfe750ef1799ad
                                • Opcode Fuzzy Hash: 30de1fdd898592a5eac087a32ee1bd17826cfeae57a5fb6300fc713d47869092
                                • Instruction Fuzzy Hash: 1111D634204345EFD715CB24C984B26BBE5EB88718F24D59DE9491B653C777D803CE51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.596071007.00000000027D0000.00000040.00000040.sdmp, Offset: 027D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 14b66c360e004a6510b77b4b87cbdf23fcdb8801c141dfd86dd0c100277b8ae0
                                • Instruction ID: 64706560af4f2b17b6bed836262ba1e3c16f4eb2addc230bfdbd44725d0c4a17
                                • Opcode Fuzzy Hash: 14b66c360e004a6510b77b4b87cbdf23fcdb8801c141dfd86dd0c100277b8ae0
                                • Instruction Fuzzy Hash: F7218C755093C59FCB03CB20C890B55BFB1AF57318F1985DAD8885F6A3C33A9906DB52
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 44ff24e299db19bef82fcf4ae46ce2250b160e6660ab5e3f550412ecbf4ae6c2
                                • Instruction ID: 67c32892493858e149c40fb990f98d30cbd44c0c391257d5160101fb60a341db
                                • Opcode Fuzzy Hash: 44ff24e299db19bef82fcf4ae46ce2250b160e6660ab5e3f550412ecbf4ae6c2
                                • Instruction Fuzzy Hash: D3115B75F011149F8B41EBBCE955AAEBBF6EFCC210B50806AD509E3341EF359D028BA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b49bc2d5089fd0aa05178523cb8005940afcedeaca01feccc6c9d7f24bf4733
                                • Instruction ID: 855786f279aa88d701d520bde800564808f91f60fccaeade30b39d3c155e21b1
                                • Opcode Fuzzy Hash: 1b49bc2d5089fd0aa05178523cb8005940afcedeaca01feccc6c9d7f24bf4733
                                • Instruction Fuzzy Hash: 76110C75F011189F8B45EBBCE95469EBBF6AFCC210760806AD509E3341EB359D028B95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 16ead18d7075156c2f65d271b8a2749fc3d4ab6cbfa7266c1f4d16214dd414a8
                                • Instruction ID: d63f8f0aaf0e69ea0ca2541d44587e91b8d384819923f77f914afa4d1dfe89a5
                                • Opcode Fuzzy Hash: 16ead18d7075156c2f65d271b8a2749fc3d4ab6cbfa7266c1f4d16214dd414a8
                                • Instruction Fuzzy Hash: 2B113C71F001149F8B41EBBCD9546AEBBF6EFC8210760806AD509E3340EB359D028B95
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 8344d1afe98bc24918bab69f704ea8e914c81762840bf70bd4581ffa95d589ba
                                • Instruction ID: b98de85f0199e70a1e51fa0113cee1f15ad47557b5c3afc99037bc7f18a57daa
                                • Opcode Fuzzy Hash: 8344d1afe98bc24918bab69f704ea8e914c81762840bf70bd4581ffa95d589ba
                                • Instruction Fuzzy Hash: 8C0192B0E002159FDB54EFBAC849BAEBBE6FF85314F104476D518DB242EB71A9009791
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3370b32e700a7d18cd20c616d7f3dc1ea047942fb427224379d4357b91f23985
                                • Instruction ID: 343b2d74ade6d13cf0b68e8cb2e506f5fcd73977384cd15fd5199d62fe35a8ac
                                • Opcode Fuzzy Hash: 3370b32e700a7d18cd20c616d7f3dc1ea047942fb427224379d4357b91f23985
                                • Instruction Fuzzy Hash: E711ECB5508305AFD350CF09DC81E57FBE8EB88660F14891EFD5997311D271E9088FA2
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 4a5819fc28d72a943dd552813ebfc2081b0eff1a26df8c32846ad5620f2d89cc
                                • Instruction ID: 6d4d95a74d800e53774b0d59b4f0048ae5b3e9d39be85c11ce356bf4a450e7ca
                                • Opcode Fuzzy Hash: 4a5819fc28d72a943dd552813ebfc2081b0eff1a26df8c32846ad5620f2d89cc
                                • Instruction Fuzzy Hash: CC015EB0E002059FDB54DF69D88ABABBFF6FB45320F11407AD518DB242E771A901DB91
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.596071007.00000000027D0000.00000040.00000040.sdmp, Offset: 027D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c339e0895e51f6f719c131025165f0c23fddd1269e3fec48d53b66b25fc30a2e
                                • Instruction ID: b9057fa4a2ef6f1f38ca1d67536ed16ee7bf030e1b567a51873f785e26743cf8
                                • Opcode Fuzzy Hash: c339e0895e51f6f719c131025165f0c23fddd1269e3fec48d53b66b25fc30a2e
                                • Instruction Fuzzy Hash: F901A2B650D7C0AFD7128B16AC41862FFB8DE86260709C4DFED898B612D165A908CB72
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 654e53dd9889fa2a7bbf3b7a6196f0cac3608aefb39281bc8e592621c6d28b3c
                                • Instruction ID: ee841db1ba8f15b6a9efb0eb9392d6b73ceb143c5e8a6df96d3feb4c8c1de0f0
                                • Opcode Fuzzy Hash: 654e53dd9889fa2a7bbf3b7a6196f0cac3608aefb39281bc8e592621c6d28b3c
                                • Instruction Fuzzy Hash: 3FF0F672A109248BCB04BFBCF55926DBBE2AB88215F004C6AD65A93380EF315D24D382
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.596071007.00000000027D0000.00000040.00000040.sdmp, Offset: 027D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                • Instruction ID: 026d4f1e5570b3b1d5c9965aa38136e89bf752b5f8223060c7a5943b55e00b69
                                • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                                • Instruction Fuzzy Hash: 64F0FB35144645DFC605CB40D940B15FBA2EB89718F24C6A9E9491B652C3379813DE81
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.596071007.00000000027D0000.00000040.00000040.sdmp, Offset: 027D0000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 7d59039c1b6c9230f688e43677017d4e31a2a54fa806cce52bc8d5dcae0b802e
                                • Instruction ID: 550c0c0a08dfcd91e4a49e6a5985bb66d0bffa1e2ff593be64944d042a4b97c5
                                • Opcode Fuzzy Hash: 7d59039c1b6c9230f688e43677017d4e31a2a54fa806cce52bc8d5dcae0b802e
                                • Instruction Fuzzy Hash: BDE092B6A046048BD750CF0BEC41462F7D8EB88630B18C07FDD0D8B700E135B508CEA5
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 370fc224c9b10cb5029bf95bb29171b685fe69ad010182046e47e2b795b185d5
                                • Instruction ID: 79711bf499e5a14b387266de9d64cb5514662cf576800722f742113874f82701
                                • Opcode Fuzzy Hash: 370fc224c9b10cb5029bf95bb29171b685fe69ad010182046e47e2b795b185d5
                                • Instruction Fuzzy Hash: BEE0C236B000248B8B45EBB8E9955DEB7F6AFC82247208466D609E7291EF359E028B55
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f21288e6bdd17424cb75579ed5967727dde7f45f50fb705941063163fba46f0b
                                • Instruction ID: 41280797e63973a15662f3581cce87f9d167c4c90bb38c42f0464abc468886c8
                                • Opcode Fuzzy Hash: f21288e6bdd17424cb75579ed5967727dde7f45f50fb705941063163fba46f0b
                                • Instruction Fuzzy Hash: 1DE0ED36B000149B8F45E7B8E9555DDB7F2AFC821571044A6D609E7391DF359D028B51
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600554765.0000000005730000.00000040.00000001.sdmp, Offset: 05730000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.600355218.00000000055F0000.00000040.00000001.sdmp, Offset: 055F0000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.595140858.0000000000CC2000.00000040.00000001.sdmp, Offset: 00CC2000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Memory Dump Source
                                • Source File: 00000005.00000002.595140858.0000000000CC2000.00000040.00000001.sdmp, Offset: 00CC2000, based on PE: false
                                Uniqueness

                                Uniqueness Score: -1.00%

                                Non-executed Functions