Analysis Report n4CeZTejKM.exe

Overview

General Information

Sample Name: n4CeZTejKM.exe
Analysis ID: 383183
MD5: b8362f2f6e0353819fa0dd8a35ef6a58
SHA1: f1cb392fa0fd6acbb6eb1d858064a74fd5272ff3
SHA256: 0ef41dabaa6af07317dd45595f15625cb7517650bb13b365de0717d3cad26197
Tags: exe, NanoCore, RAT

Detection

Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected Nanocore Rat
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: NanoCore
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected Nanocore RAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Hides that the sample has been downloaded from the Internet (zone.identifier)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to call native functions
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Startup

  • System is w10x64
  • n4CeZTejKM.exe (PID: 6528 cmdline: 'C:\Users\user\Desktop\n4CeZTejKM.exe' MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
    • powershell.exe (PID: 6640 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\n4CeZTejKM.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 6660 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6708 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6788 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6796 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • n4CeZTejKM.exe (PID: 6804 cmdline: C:\Users\user\Desktop\n4CeZTejKM.exe MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
    • n4CeZTejKM.exe (PID: 6900 cmdline: C:\Users\user\Desktop\n4CeZTejKM.exe MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
  • dhcpmon.exe (PID: 5820 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
    • powershell.exe (PID: 6120 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6128 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 1020 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmp3DD8.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 1276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6132 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • dhcpmon.exe (PID: 3348 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
    • dhcpmon.exe (PID: 6324 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
    • dhcpmon.exe (PID: 2168 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
    • dhcpmon.exe (PID: 6712 cmdline: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe MD5: B8362F2F6E0353819FA0DD8A35EF6A58)
  • cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "744b568e-a77e-4db4-a930-a5348ceb", "Group": "NWANWA", "Domain1": "lastme11.ddns.net", "Domain2": "127.0.0.1", "Port": 8282, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "", "BackupDNSServer": ""}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xff8d:$x1: NanoCore.ClientPluginHost
  • 0xffca:$x2: IClientNetworkHost
  • 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp | NanoCore | unknown | Kevin Breen <kevin@techanarchy.net>
  • 0xfcf5:$a: NanoCore
  • 0xfd05:$a: NanoCore
  • 0xff39:$a: NanoCore
  • 0xff4d:$a: NanoCore
  • 0xff8d:$a: NanoCore
  • 0xfd54:$b: ClientPlugin
  • 0xff56:$b: ClientPlugin
  • 0xff96:$b: ClientPlugin
  • 0xfe7b:$c: ProjectData
  • 0x10882:$d: DESCrypto
  • 0x1824e:$e: KeepAlive
  • 0x1623c:$g: LogClientMessage
  • 0x12437:$i: get_Connected
  • 0x10bb8:$j: #=q
  • 0x10be8:$j: #=q
  • 0x10c04:$j: #=q
  • 0x10c34:$j: #=q
  • 0x10c50:$j: #=q
  • 0x10c6c:$j: #=q
  • 0x10c9c:$j: #=q
  • 0x10cb8:$j: #=q
00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xf7ad:$x1: NanoCore.ClientPluginHost
  • 0xf7da:$x2: IClientNetworkHost
00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0xf7ad:$x2: NanoCore.ClientPluginHost
  • 0x10888:$s4: PipeCreated
  • 0xf7c7:$s5: IClientLoggingHost

Unpacked PEs

Source | Rule | Description | Author | Strings
23.2.dhcpmon.exe.3f1e434.3.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xd9ad:$x1: NanoCore.ClientPluginHost
  • 0xd9da:$x2: IClientNetworkHost
23.2.dhcpmon.exe.3f1e434.3.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0xd9ad:$x2: NanoCore.ClientPluginHost
  • 0xea88:$s4: PipeCreated
  • 0xd9c7:$s5: IClientLoggingHost
23.2.dhcpmon.exe.3f1e434.3.unpack | JoeSecurity_Nanocore | Yara detected Nanocore RAT | Joe Security
9.2.n4CeZTejKM.exe.5f00000.9.raw.unpack | Nanocore_RAT_Gen_2 | Detetcs the Nanocore RAT | Florian Roth
  • 0xf7ad:$x1: NanoCore.ClientPluginHost
  • 0xf7da:$x2: IClientNetworkHost
9.2.n4CeZTejKM.exe.5f00000.9.raw.unpack | Nanocore_RAT_Feb18_1 | Detects Nanocore RAT | Florian Roth
  • 0xf7ad:$x2: NanoCore.ClientPluginHost
  • 0x10888:$s4: PipeCreated
  • 0xf7c7:$s5: IClientLoggingHost

Sigma Overview

System Summary:

Sigma detected: NanoCore
Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Users\user\Desktop\n4CeZTejKM.exe, ProcessId: 6900, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
Sigma detected: Scheduled temp file as task from temp location
Source: Process started, Author: Joe Security, Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\n4CeZTejKM.exe' , ParentImage: C:\Users\user\Desktop\n4CeZTejKM.exe, ParentProcessId: 6528, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp', ProcessId: 6660

Signature Overview

AV Detection:

Found malware configuration
Source: 00000017.00000002.299890051.0000000003ED1000.00000004.00000001.sdmp, Malware Configuration Extractor: NanoCore (same configuration as listed under Malware Configuration above)
Multi AV Scanner detection for dropped file
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Metadefender: Detection: 18%
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, ReversingLabs: Detection: 68%
Source: C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe, Metadefender: Detection: 18%
Source: C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe, ReversingLabs: Detection: 68%
Multi AV Scanner detection for submitted file
Source: n4CeZTejKM.exe, Virustotal: Detection: 42%
Source: n4CeZTejKM.exe, Metadefender: Detection: 18%
Source: n4CeZTejKM.exe, ReversingLabs: Detection: 68%
Yara detected Nanocore RAT
Machine Learning detection for dropped file
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe, Joe Sandbox ML: detected
Machine Learning detection for sample
Source: n4CeZTejKM.exe, Joe Sandbox ML: detected
Source: 9.2.n4CeZTejKM.exe.5f00000.9.unpack, Avira: Label: TR/NanoCore.fadte
Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: 23.2.dhcpmon.exe.400000.0.unpack, Avira: Label: TR/Dropper.MSIL.Gen7
Source: n4CeZTejKM.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\n4CeZTejKM.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
Source: n4CeZTejKM.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: n4CeZTejKM.exe, 00000009.00000002.477387335.00000000032A5000.00000004.00000040.sdmp
Source: Binary string: mscorrc.pdb source: n4CeZTejKM.exe, 00000001.00000002.220301959.0000000004FE0000.00000002.00000001.sdmp, n4CeZTejKM.exe, 00000009.00000002.486778263.0000000005C10000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.271352812.0000000002810000.00000002.00000001.sdmp
Source: C:\Users\user\Desktop\n4CeZTejKM.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h, 1_2_04F5CA70
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h, 10_2_0268C268

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: lastme11.ddns.net
Source: Malware configuration extractor, URLs: 127.0.0.1
Uses dynamic DNS services
Source: unknown, DNS query: name: lastme11.ddns.net
Source: global traffic, TCP traffic: 192.168.2.3:49705 -> 194.5.98.9:8282
Source: Joe Sandbox View, IP Address: 194.5.98.9
Source: Joe Sandbox View, ASN Name: DANILENKODE
Source: unknown, UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown, UDP traffic detected without corresponding DNS query: 37.235.1.177
Source: unknown, DNS traffic detected: queries for: lastme11.ddns.net
Source: powershell.exe, 0000000B.00000002.439146359.0000000004782000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
Source: powershell.exe, 0000000B.00000002.438581357.0000000004641000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: powershell.exe, 0000000B.00000002.439146359.0000000004782000.00000004.00000001.sdmp, String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
Source: powershell.exe, 00000002.00000003.303550932.0000000004E8B000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.313150171.0000000005098000.00000004.00000001.sdmp, String found in binary or memory: https://go.micro
Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276077719.0000000002BC1000.00000004.00000001.sdmp, String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: n4CeZTejKM.exe, 00000001.00000002.212751327.0000000000F3A000.00000004.00000020.sdmp, Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
Source: n4CeZTejKM.exe, 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp, Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

System Summary:

Malicious sample detected (through community Yara rule)
Source: C:\Users\user\Desktop\n4CeZTejKM.exe, Code function: 1_2_05F113D6 NtQuerySystemInformation
Source: C:\Users\user\Desktop\n4CeZTejKM.exe, Code function: 1_2_05F113A9 NtQuerySystemInformation
Source: C:\Users\user\Desktop\n4CeZTejKM.exe, Code function: 9_2_0590131A NtQuerySystemInformation
Source: C:\Users\user\Desktop\n4CeZTejKM.exe, Code function: 9_2_059012DF NtQuerySystemInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 10_2_05BA120E NtQuerySystemInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe, Code function: 10_2_05BA11DD NtQuerySystemInformation
      Source: n4CeZTejKM.exeBinary or memory string: OriginalFilename vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.221845471.0000000005D70000.00000002.00000001.sdmpBinary or memory string: originalfilename vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.221845471.0000000005D70000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamepropsys.dll.mui@ vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.221432983.0000000005C70000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDebuggerHiddenAttribute.dllX vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.220301959.0000000004FE0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.220019146.0000000004F70000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDurmu_ vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000002.212751327.0000000000F3A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenamemscorwks.dllT vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000001.00000003.209003232.0000000000FDF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameFlushWriteAsyncd42.exe: vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000008.00000002.209394254.0000000000212000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameFlushWriteAsyncd42.exe: vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000002.487949749.0000000006A80000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameKernelbase.dll.muij% vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000002.483025308.0000000003671000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameClientPlugin.dll4 vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000002.487529435.00000000063E0000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameLzma#.dll4 vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSurveillanceExClientPlugin.dll4 vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000000.210277250.0000000000F12000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameFlushWriteAsyncd42.exe: vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000002.486234603.00000000058F0000.00000002.00000001.sdmpBinary or memory string: OriginalFilenameuser32j% vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exe, 00000009.00000002.486778263.0000000005C10000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs n4CeZTejKM.exe
      Source: n4CeZTejKM.exeBinary or memory string: OriginalFilenameFlushWriteAsyncd42.exe: vs n4CeZTejKM.exe
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dll
      Source: n4CeZTejKM.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
      Source: 00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000009.00000002.486853202.0000000005C70000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000009.00000002.486853202.0000000005C70000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000017.00000002.281694344.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 00000017.00000002.281694344.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000017.00000002.299890051.0000000003ED1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 00000009.00000002.484515558.00000000046B7000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 0000000A.00000002.282359113.0000000003BC1000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 0000000A.00000002.282359113.0000000003BC1000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: n4CeZTejKM.exe PID: 6900, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: n4CeZTejKM.exe PID: 6900, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: n4CeZTejKM.exe PID: 6528, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: n4CeZTejKM.exe PID: 6528, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: dhcpmon.exe PID: 5820, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: dhcpmon.exe PID: 5820, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: Process Memory Space: dhcpmon.exe PID: 6712, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: Process Memory Space: dhcpmon.exe PID: 6712, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 23.2.dhcpmon.exe.3f1e434.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 23.2.dhcpmon.exe.3f1e434.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.5f00000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.5f00000.9.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.n4CeZTejKM.exe.3ef4b80.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.n4CeZTejKM.exe.3ef4b80.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.n4CeZTejKM.exe.3ef4b80.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 9.2.n4CeZTejKM.exe.46be434.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.46be434.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.46c2a5d.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.46c2a5d.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 9.2.n4CeZTejKM.exe.5f00000.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.5f00000.9.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 23.2.dhcpmon.exe.3f22a5d.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 23.2.dhcpmon.exe.3f22a5d.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 10.2.dhcpmon.exe.3d34b80.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 10.2.dhcpmon.exe.3d34b80.5.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 10.2.dhcpmon.exe.3d34b80.5.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 23.2.dhcpmon.exe.2ee17c8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 23.2.dhcpmon.exe.2ee17c8.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.n4CeZTejKM.exe.3dfa8d0.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.n4CeZTejKM.exe.3dfa8d0.3.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 9.2.n4CeZTejKM.exe.46be434.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.46be434.3.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.3681654.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.3681654.2.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.5c70000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.5c70000.8.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 23.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 23.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 23.2.dhcpmon.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 9.2.n4CeZTejKM.exe.5f04629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.5f04629.10.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 23.2.dhcpmon.exe.3f1e434.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 23.2.dhcpmon.exe.3f1e434.3.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 23.2.dhcpmon.exe.3f195fe.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 23.2.dhcpmon.exe.3f195fe.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 23.2.dhcpmon.exe.3f195fe.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 1.2.n4CeZTejKM.exe.3ef4b80.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 1.2.n4CeZTejKM.exe.3ef4b80.4.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 1.2.n4CeZTejKM.exe.3ef4b80.4.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 10.2.dhcpmon.exe.3d34b80.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 10.2.dhcpmon.exe.3d34b80.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 10.2.dhcpmon.exe.3d34b80.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 10.2.dhcpmon.exe.3c3a8d0.4.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 10.2.dhcpmon.exe.3c3a8d0.4.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 9.2.n4CeZTejKM.exe.46b95fe.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
      Source: 9.2.n4CeZTejKM.exe.46b95fe.5.raw.unpack, type: UNPACKEDPEMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
      Source: 9.2.n4CeZTejKM.exe.46b95fe.5.raw.unpack, type: UNPACKEDPEMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'CreateDecryptor'
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.csCryptographic APIs: 'TransformFinalBlock'
      Source: classification engineClassification label: mal100.troj.evad.winEXE@32/28@30/2
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeCode function: 1_2_05F10FC2 AdjustTokenPrivileges,1_2_05F10FC2
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeCode function: 1_2_05F10F8B AdjustTokenPrivileges,1_2_05F10F8B
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeCode function: 9_2_059010DA AdjustTokenPrivileges,9_2_059010DA
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeCode function: 9_2_059010A3 AdjustTokenPrivileges,9_2_059010A3
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_05BA0B4E AdjustTokenPrivileges,10_2_05BA0B4E
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeCode function: 10_2_05BA0B17 AdjustTokenPrivileges,10_2_05BA0B17
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile created: C:\Program Files (x86)\DHCP Monitor
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile created: C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6652:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6708:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5408:120:WilError_01
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeMutant created: \Sessions\1\BaseNamedObjects\Global\{744b568e-a77e-4db4-a930-a5348ceb4c3b}
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeMutant created: \Sessions\1\BaseNamedObjects\JVvAqWFgsNsPISjcE
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6128:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6796:120:WilError_01
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1276:120:WilError_01
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile created: C:\Users\user\AppData\Local\Temp\tmpF565.tmp
      Source: n4CeZTejKM.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeSection loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile read: C:\Users\user\Desktop\desktop.ini
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276219460.0000000002BE4000.00000004.00000001.sdmpBinary or memory string: INSERT INTO PublisherMembershipCondition VALUES(@modelo, @fabricante, @ano, @cor);
      Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276219460.0000000002BE4000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
      Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276219460.0000000002BE4000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
      Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276219460.0000000002BE4000.00000004.00000001.sdmpBinary or memory string: Select * from PublisherMembershipCondition WHERE modelo=@modelo;zDeu erro na execu
      Source: n4CeZTejKM.exeVirustotal: Detection: 42%
      Source: n4CeZTejKM.exeMetadefender: Detection: 18%
      Source: n4CeZTejKM.exeReversingLabs: Detection: 68%
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile read: C:\Users\user\Desktop\n4CeZTejKM.exe
      Source: unknownProcess created: C:\Users\user\Desktop\n4CeZTejKM.exe 'C:\Users\user\Desktop\n4CeZTejKM.exe'
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\n4CeZTejKM.exe'
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp'
      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess created: C:\Users\user\Desktop\n4CeZTejKM.exe C:\Users\user\Desktop\n4CeZTejKM.exe
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess created: C:\Users\user\Desktop\n4CeZTejKM.exe C:\Users\user\Desktop\n4CeZTejKM.exe
      Source: unknownProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmp3DD8.tmp'
      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
      Source: n4CeZTejKM.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
      Source: n4CeZTejKM.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
      Source: Binary string: indows\mscorlib.pdbpdblib.pdb source: n4CeZTejKM.exe, 00000009.00000002.477387335.00000000032A5000.00000004.00000040.sdmp
      Source: Binary string: mscorrc.pdb source: n4CeZTejKM.exe, 00000001.00000002.220301959.0000000004FE0000.00000002.00000001.sdmp, n4CeZTejKM.exe, 00000009.00000002.486778263.0000000005C10000.00000002.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.271352812.0000000002810000.00000002.00000001.sdmp

      Data Obfuscation:

      .NET source code contains method to dynamically call methods (often used by packers)
      Source: n4CeZTejKM.exe, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      Source: sIlqvNJawsmeFV.exe.1.dr, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      Source: 1.2.n4CeZTejKM.exe.6c0000.0.unpack, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      Source: 1.0.n4CeZTejKM.exe.6c0000.0.unpack, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      Source: 8.2.n4CeZTejKM.exe.210000.0.unpack, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      Source: 8.0.n4CeZTejKM.exe.210000.0.unpack, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      Source: dhcpmon.exe.9.dr, ListView/FallbackBuffer.cs.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "WinControls.ListView" } } }, null, null, null, true)
      .NET source code contains potential unpacker
      Source: n4CeZTejKM.exe, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: sIlqvNJawsmeFV.exe.1.dr, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 1.2.n4CeZTejKM.exe.6c0000.0.unpack, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 1.0.n4CeZTejKM.exe.6c0000.0.unpack, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 8.2.n4CeZTejKM.exe.210000.0.unpack, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 8.0.n4CeZTejKM.exe.210000.0.unpack, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: dhcpmon.exe.9.dr, ListView/FallbackBuffer.cs.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: initial sampleStatic PE information: section name: .text entropy: 6.80300279946
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.csHigh entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
      Source: 9.2.n4CeZTejKM.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.csHigh entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile created: C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

      Boot Survival:

      Uses schtasks.exe or at.exe to add and modify task schedules
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp'

      Hooking and other Techniques for Hiding and Protection:

      Hides that the sample has been downloaded from the Internet (zone.identifier)
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeFile opened: C:\Users\user\Desktop\n4CeZTejKM.exe:Zone.Identifier read attributes | delete
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion:

      Yara detected AntiVM3
      Source: Yara matchFile source: 0000000A.00000002.276077719.0000000002BC1000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: n4CeZTejKM.exe PID: 6528, type: MEMORY
      Source: Yara matchFile source: Process Memory Space: dhcpmon.exe PID: 5820, type: MEMORY
      Source: Yara matchFile source: 10.2.dhcpmon.exe.2bc92f8.2.raw.unpack, type: UNPACKEDPE
      Source: Yara matchFile source: 1.2.n4CeZTejKM.exe.2d892d4.1.raw.unpack, type: UNPACKEDPE
      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
      Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276077719.0000000002BC1000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
      Source: n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276077719.0000000002BC1000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\1.1\Hyper-V.psd1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.psm1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.ni.dll
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\2.0.0.0\Hyper-V.psd1
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.cdxml
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.xaml
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\Hyper-V\Hyper-V.psd1
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5318
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1958
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4552
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2112
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeWindow / User API: foregroundWindowGot 700
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2620
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4856
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4366
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2888
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe TID: 6532Thread sleep time: -99025s >= -30000s
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe TID: 6592Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5516Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6876Thread sleep count: 4552 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6880Thread sleep count: 2112 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6944Thread sleep count: 53 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6148Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe TID: 6968Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe TID: 6948Thread sleep time: -340000s >= -30000s
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 3352Thread sleep time: -99321s >= -30000s
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 2788Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3728Thread sleep time: -5534023222112862s >= -30000s
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6184Thread sleep count: 4366 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6180Thread sleep count: 2888 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6268Thread sleep count: 55 > 30
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3440Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 4912Thread sleep time: -922337203685477s >= -30000s
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeCode function: 9_2_05900D66 GetSystemInfo,9_2_05900D66
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeThread delayed: delay time: 99025
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\n4CeZTejKM.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 99321
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exeThread delayed: delay time: 922337203685477
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process information queried: ProcessInformation
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process token adjusted: Debug
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process token adjusted: Debug
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Memory allocated: page read and write | page guard

      HIPS / PFW / Operating System Protection Evasion:

      Adds a directory exclusion to Windows Defender
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\n4CeZTejKM.exe'
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
      Injects a PE file into a foreign processes
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Memory written: C:\Users\user\Desktop\n4CeZTejKM.exe base: 400000 value starts with: 4D5A
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Memory written: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe base: 400000 value starts with: 4D5A
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\n4CeZTejKM.exe'
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp'
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Process created: C:\Users\user\Desktop\n4CeZTejKM.exe C:\Users\user\Desktop\n4CeZTejKM.exe
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmp3DD8.tmp'
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
      Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
      Source: n4CeZTejKM.exe, 00000009.00000003.422297965.00000000061D5000.00000004.00000001.sdmp Binary or memory string: Program Manager
      Source: n4CeZTejKM.exe, 00000009.00000002.477100038.0000000001D20000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
      Source: n4CeZTejKM.exe, 00000009.00000002.477100038.0000000001D20000.00000002.00000001.sdmp Binary or memory string: Progman
      Source: n4CeZTejKM.exe, 00000009.00000002.477100038.0000000001D20000.00000002.00000001.sdmp Binary or memory string: Progmanlock
      Source: n4CeZTejKM.exe, 00000009.00000002.483344417.0000000003730000.00000004.00000001.sdmp Binary or memory string: Program ManagerHQJ
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0011~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00114~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0014~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00112~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00116~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Code function: 9_2_016CAF9A GetUserNameW, 9_2_016CAF9A
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

      Stealing of Sensitive Information:

      Yara detected Nanocore RAT

      Remote Access Functionality:

      Detected Nanocore Rat
      Source: n4CeZTejKM.exe, 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
      Source: n4CeZTejKM.exe, 00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
      Source: dhcpmon.exe, 0000000A.00000002.282359113.0000000003BC1000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
      Source: dhcpmon.exe, 00000017.00000002.298863189.0000000002ED1000.00000004.00000001.sdmp String found in binary or memory: NanoCore.ClientPluginHost
      Yara detected Nanocore RAT
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Code function: 9_2_0590262A bind, 9_2_0590262A
      Source: C:\Users\user\Desktop\n4CeZTejKM.exe Code function: 9_2_059025D8 bind, 9_2_059025D8

      Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Valid Accounts | Scheduled Task/Job 1 | DLL Side-Loading 1 | DLL Side-Loading 1 | Disable or Modify Tools 11 | Input Capture 21 | Account Discovery 1 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
| Default Accounts | Scheduled Task/Job | Scheduled Task/Job 1 | Access Token Manipulation 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Input Capture 21 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Process Injection 112 | Obfuscated Files or Information 3 | Security Account Manager | System Information Discovery 13 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Remote Access Software 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Scheduled Task/Job 1 | Software Packing 22 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Non-Application Layer Protocol 1 | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | DLL Side-Loading 1 | LSA Secrets | Security Software Discovery 211 | SSH | Keylogging | Data Transfer Size Limits | Application Layer Protocol 21 | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
| Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 2 | Cached Domain Credentials | Process Discovery 2 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
| External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 31 | DCSync | Virtualization/Sandbox Evasion 31 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
| Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |
| Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 112 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction |
| Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Hidden Files and Directories 1 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact |

      Behavior Graph

[Behavior graph image not reproduced. Behavior Graph ID: 383183, Sample: n4CeZTejKM.exe, Startdate: 07/04/2021, Architecture: WINDOWS, Score: 100]


      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

| Source | Detection | Scanner | Label |
|---|---|---|---|
| n4CeZTejKM.exe | 42% | Virustotal | |
| n4CeZTejKM.exe | 24% | Metadefender | |
| n4CeZTejKM.exe | 69% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
| n4CeZTejKM.exe | 100% | Joe Sandbox ML | |

      Dropped Files

| Source | Detection | Scanner | Label |
|---|---|---|---|
| C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 100% | Joe Sandbox ML | |
| C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe | 100% | Joe Sandbox ML | |
| C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 24% | Metadefender | |
| C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe | 69% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
| C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe | 24% | Metadefender | |
| C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe | 69% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |

      Unpacked PE Files

| Source | Detection | Scanner | Label |
|---|---|---|---|
| 9.2.n4CeZTejKM.exe.5f00000.9.unpack | 100% | Avira | TR/NanoCore.fadte |
| 9.2.n4CeZTejKM.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |
| 23.2.dhcpmon.exe.400000.0.unpack | 100% | Avira | TR/Dropper.MSIL.Gen7 |

      Domains

      No Antivirus matches

      URLs

| Source | Detection | Scanner | Label |
|---|---|---|---|
| lastme11.ddns.net | 0% | Avira URL Cloud | safe |
| https://go.micro | 0% | URL Reputation | safe |
| https://go.micro | 0% | URL Reputation | safe |
| https://go.micro | 0% | URL Reputation | safe |
| 127.0.0.1 | 0% | Avira URL Cloud | safe |

      Domains and IPs

      Contacted Domains

| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| lastme11.ddns.net | 194.5.98.9 | true | true | | unknown |

        Contacted URLs

| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| lastme11.ddns.net | true | Avira URL Cloud: safe | unknown |
| 127.0.0.1 | true | Avira URL Cloud: safe | unknown |

        URLs from Memory and Binaries

| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| http://schemas.xmlsoap.org/soap/encoding/ | powershell.exe, 0000000B.00000002.439146359.0000000004782000.00000004.00000001.sdmp | false | | high |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | powershell.exe, 0000000B.00000002.438581357.0000000004641000.00000004.00000001.sdmp | false | | high |
| https://go.micro | powershell.exe, 00000002.00000003.303550932.0000000004E8B000.00000004.00000001.sdmp, powershell.exe, 00000006.00000003.313150171.0000000005098000.00000004.00000001.sdmp | false | URL Reputation: safe; URL Reputation: safe; URL Reputation: safe | unknown |
| https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css | n4CeZTejKM.exe, 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, dhcpmon.exe, 0000000A.00000002.276077719.0000000002BC1000.00000004.00000001.sdmp | false | | high |
| http://schemas.xmlsoap.org/wsdl/ | powershell.exe, 0000000B.00000002.439146359.0000000004782000.00000004.00000001.sdmp | false | | high |

                Contacted IPs

                Public

| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 194.5.98.9 | lastme11.ddns.net | Netherlands | 208476 | DANILENKODE | true |

                Private

                IP
                127.0.0.1

                General Information

                Joe Sandbox Version:31.0.0 Emerald
                Analysis ID:383183
                Start date:07.04.2021
                Start time:12:06:12
                Joe Sandbox Product:CloudBasic
                Overall analysis duration:0h 14m 0s
                Hypervisor based Inspection enabled:false
                Report type:full
                Sample file name:n4CeZTejKM.exe
                Cookbook file name:default.jbs
                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                Number of analysed new started processes analysed:40
                Number of new started drivers analysed:0
                Number of existing processes analysed:0
                Number of existing drivers analysed:0
                Number of injected processes analysed:0
                Technologies:
                • HCA enabled
                • EGA enabled
                • HDC enabled
                • AMSI enabled
                Analysis Mode:default
                Analysis stop reason:Timeout
                Detection:MAL
                Classification:mal100.troj.evad.winEXE@32/28@30/2
                EGA Information:Failed
                HDC Information:
                • Successful, ratio: 3.1% (good quality ratio 3.1%)
                • Quality average: 64.8%
                • Quality standard deviation: 10.7%
                HCA Information:
                • Successful, ratio: 90%
                • Number of executed functions: 591
                • Number of non-executed functions: 10
                Cookbook Comments:
                • Adjust boot time
                • Enable AMSI
                • Found application associated with file extension: .exe
                Warnings:
                • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, UsoClient.exe
                • Report creation exceeded maximum time and may have missing disassembly code information.
                • Report size exceeded maximum capacity and may have missing behavior information.
                • Report size getting too big, too many NtOpenKeyEx calls found.
                • Report size getting too big, too many NtQueryAttributesFile calls found.
                • Report size getting too big, too many NtQueryValueKey calls found.

                Simulations

                Behavior and APIs

| Time | Type | Description |
|---|---|---|
| 12:07:00 | API Interceptor | 738x Sleep call for process: n4CeZTejKM.exe modified |
| 12:07:05 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe |
| 12:07:17 | API Interceptor | 2x Sleep call for process: dhcpmon.exe modified |
| 12:07:35 | API Interceptor | 201x Sleep call for process: powershell.exe modified |

                Joe Sandbox View / Context

                IPs

| Match | Associated Sample Name / URL | Detection |
|---|---|---|
| 194.5.98.9 | New purchase order PO#678932190,rar.exe | malicious |
| 194.5.98.9 | 37Bill of lading information -8877-pdf-invoice677.js | malicious |
| 194.5.98.9 | 37Bill of lading information -8877-pdf-invoice677.js | malicious |
| 194.5.98.9 | 41Payment copy.js | malicious |
| 194.5.98.9 | 41Payment copy.js | malicious |
| 194.5.98.9 | Scan Copy.exe | malicious |

                            Domains

                            No context

                            ASN

| Match | Associated Sample Name / URL | Detection | Context |
|---|---|---|---|
| DANILENKODE | New Order request Ref E100-#3175704534,pdf.e.exe | malicious | 194.5.97.14 |
| DANILENKODE | PO-#3175704534,PDF.exe | malicious | 194.5.97.14 |
| DANILENKODE | Evgp2DqQha.exe | malicious | 194.5.98.107 |
| DANILENKODE | Payment Copy #6578965432.exe | malicious | 194.5.98.52 |
| DANILENKODE | PO SKP 149684.jar | malicious | 194.5.98.48 |
| DANILENKODE | 4EPXPkicIL.exe | malicious | 194.5.97.158 |
| DANILENKODE | xoxd454e9q.exe | malicious | 194.5.97.158 |
| DANILENKODE | 1VzQLgPeAlfHSHQ.exe | malicious | 194.5.97.214 |
| DANILENKODE | XJ1lVmdiCi.exe | malicious | 194.5.97.237 |
| DANILENKODE | QUOTATIONs#280321_RFQ_PRODUCTS_ENQUIRY_TRINITY_VIETNAM_CO.exe | malicious | 194.5.98.182 |
| DANILENKODE | Revised invoice30032021.exe | malicious | 194.5.98.145 |
| DANILENKODE | QUOTATIONs#280321_RFQ_PRODUCTS_ENQUIRY_TRINITY_VIETNAM_CO.exe | malicious | 194.5.98.182 |
| DANILENKODE | Vp0VO1U2oo.exe | malicious | 194.5.98.107 |
| DANILENKODE | IpEtbpwMpM.exe | malicious | 194.5.98.250 |
| DANILENKODE | LOT 15 - Transfer Manifest.xlsx | malicious | 194.5.98.250 |
| DANILENKODE | 2df27f1a3505dbd0995188d49c253f5bc53c0e994954c.exe | malicious | 194.5.98.107 |
| DANILENKODE | 1AQz4ua1TU.exe | malicious | 194.5.98.107 |
| DANILENKODE | 5YjMB4pzS4.exe | malicious | 194.5.98.49 |
| DANILENKODE | F8ZoCqWINT.exe | malicious | 194.5.98.250 |
| DANILENKODE | xxRtA2mCLA.exe | malicious | 194.5.98.250 |

                            JA3 Fingerprints

                            No context

                            Dropped Files

                            No context

                            Created / dropped Files

                            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:dropped
                            Size (bytes):992768
                            Entropy (8bit):6.75779325476642
                            Encrypted:false
                            SSDEEP:12288:5EMXiA97oRAgvitEQ6TFQdNXDfx2EHphAKeZrdhOBcc3:nH97AZfQ0GdNMEHbkhOH
                            MD5:B8362F2F6E0353819FA0DD8A35EF6A58
                            SHA1:F1CB392FA0FD6ACBB6EB1D858064A74FD5272FF3
                            SHA-256:0EF41DABAA6AF07317DD45595F15625CB7517650BB13B365DE0717D3CAD26197
                            SHA-512:BB06D70FB66480A8A7BC464A4AE3F4E0EE08D38F06779571B83E23B7CAC00DDF1DA417FA8754541514CC971CA3FAF549EB9F40BFDA2E0EF77444ECBA6BE6C923
                            Malicious:true
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: Metadefender, Detection: 24%, Browse
                            • Antivirus: ReversingLabs, Detection: 69%
                            C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe:Zone.Identifier
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):26
                            Entropy (8bit):3.95006375643621
                            Encrypted:false
                            SSDEEP:3:ggPYV:rPYV
                            MD5:187F488E27DB4AF347237FE461A079AD
                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                            Malicious:true
                            Preview: [ZoneTransfer]....ZoneId=0
                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log
                            Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):664
                            Entropy (8bit):5.288448637977022
                            Encrypted:false
                            SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                            MD5:B1DB55991C3DA14E35249AEA1BC357CA
                            SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                            SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                            SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                            Malicious:false
                            Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                            C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\n4CeZTejKM.exe.log
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:modified
                            Size (bytes):664
                            Entropy (8bit):5.288448637977022
                            Encrypted:false
                            SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                            MD5:B1DB55991C3DA14E35249AEA1BC357CA
                            SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                            SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                            SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                            Malicious:true
                            Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..
                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):17865
                            Entropy (8bit):5.02433858506336
                            Encrypted:false
                            SSDEEP:384:2opbjvwRjdvRHdaXX35Iib4gCwfard3RAFHWrxgbiQ0HzAF8:2opbjoRjdvRHdaH3lCwfard3OFHWrxgo
                            MD5:4E751BEC18CCAEBDF0AF573AE7A32B77
                            SHA1:43858D8314FE18D541C90EEF073BFBFF06C28786
                            SHA-256:08B67A67D18C85BDBAC791C00B5096A960B73350CDD4F4CF6436F9CC4841C40B
                            SHA-512:C046B6532C9BBA6187F6A6E6CC77D7F2FA216897F07376C0727FD3A71C5CFC1AB60F17501E20536A49F8384D9DFF27EA81E5775ED706C0AD47E0ADF17F041AE1
                            Malicious:false
                            C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:data
                            Category:dropped
                            Size (bytes):21664
                            Entropy (8bit):5.594497460067712
                            Encrypted:false
                            SSDEEP:384:ItL6lQKlZXC/TIYSBKnWultInu0pEQeZUVd17ALmzl5WKHVQ3SgSj2DI++j1:xlZCEY4KWultcucEpId3lRGSdco
                            MD5:360726589E368B010C01F35D52906539
                            SHA1:507D57012C48F6EC0BE394AE89F0E06EA8DF0DAB
                            SHA-256:82A976F5287DA86EE2E2F12358EBE120B107DD06DB9B0FACE79F2A7CC7E2B8F4
                            SHA-512:6758B51531EE131581AC0E659B853DE95FCEAF95438364F53BF5A6D50187DAEB2801929F01BE52CCAE63F519261D5F899CB5A7702CBBEAA56FC1AF768A846B3D
                            Malicious:false
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_axdeg3n0.hma.psm1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_c0hg4dvh.1qt.ps1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_e23daa5d.if2.psm1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jjwcjsjc.umd.ps1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pej2zjrs.mml.psm1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rdz4vktr.xfo.psm1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_utn1oj0r.spb.ps1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_x13ksxuu.yky.ps1
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:very short file (no magic)
                            Category:dropped
                            Size (bytes):1
                            Entropy (8bit):0.0
                            Encrypted:false
                            SSDEEP:3:U:U
                            MD5:C4CA4238A0B923820DCC509A6F75849B
                            SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                            SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                            SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                            Malicious:false
                            Preview: 1
                            C:\Users\user\AppData\Local\Temp\tmp3DD8.tmp
                            Process:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1647
                            Entropy (8bit):5.198427188443693
                            Encrypted:false
                            SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBdXtn:cbh47TlNQ//rydbz9I3YODOLNdq3L9
                            MD5:83DA5FF120BDC6A05C9E1148152A48F0
                            SHA1:2789E2760A0684E67EF046E7E7F7538C3C198C85
                            SHA-256:CAEEEDE72A392E388155D3C74F199A6046A89C6ED8340C78D7BD6C37F4D4E1D0
                            SHA-512:69049FB7E4A3CC548208529FB951B711D23210969FEDD7B33F0EC69FD7862CE4393F78D4CD5513157E4C66F2934B10F4768F8A99B4B26DD92578CC6DD0454548
                            Malicious:false
                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                            C:\Users\user\AppData\Local\Temp\tmpF565.tmp
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):1647
                            Entropy (8bit):5.198427188443693
                            Encrypted:false
                            SSDEEP:24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBdXtn:cbh47TlNQ//rydbz9I3YODOLNdq3L9
                            MD5:83DA5FF120BDC6A05C9E1148152A48F0
                            SHA1:2789E2760A0684E67EF046E7E7F7538C3C198C85
                            SHA-256:CAEEEDE72A392E388155D3C74F199A6046A89C6ED8340C78D7BD6C37F4D4E1D0
                            SHA-512:69049FB7E4A3CC548208529FB951B711D23210969FEDD7B33F0EC69FD7862CE4393F78D4CD5513157E4C66F2934B10F4768F8A99B4B26DD92578CC6DD0454548
                            Malicious:true
                            Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true
                            C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:ISO-8859 text, with no line terminators
                            Category:dropped
                            Size (bytes):8
                            Entropy (8bit):2.75
                            Encrypted:false
                            SSDEEP:3:5dcP:Ds
                            MD5:BC7C2FFCF05B15DEA4FC6AAC3CC0887B
                            SHA1:F777DA80862B3E57234142EF7D9067A2401D70D6
                            SHA-256:562CA0CF92DC9FC836A8E276CF402B2F0C9E31ABB50DB73A756D7BC4F61117AA
                            SHA-512:F3F282BCF172E492BF8A833541E536AD942ACB587FDB8A6C7B0711D77CC202E568E7FEFC946F7B58A2C6EA06C3A057D66025D1E14E20103AA02B162A3908BED9
                            Malicious:true
                            Preview: XX.U...H
                            C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Category:dropped
                            Size (bytes):992768
                            Entropy (8bit):6.75779325476642
                            Encrypted:false
                            SSDEEP:12288:5EMXiA97oRAgvitEQ6TFQdNXDfx2EHphAKeZrdhOBcc3:nH97AZfQ0GdNMEHbkhOH
                            MD5:B8362F2F6E0353819FA0DD8A35EF6A58
                            SHA1:F1CB392FA0FD6ACBB6EB1D858064A74FD5272FF3
                            SHA-256:0EF41DABAA6AF07317DD45595F15625CB7517650BB13B365DE0717D3CAD26197
                            SHA-512:BB06D70FB66480A8A7BC464A4AE3F4E0EE08D38F06779571B83E23B7CAC00DDF1DA417FA8754541514CC971CA3FAF549EB9F40BFDA2E0EF77444ECBA6BE6C923
                            Malicious:true
                            Antivirus:
                            • Antivirus: Joe Sandbox ML, Detection: 100%
                            • Antivirus: Metadefender, Detection: 24%
                            • Antivirus: ReversingLabs, Detection: 69%
                            Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#G]`..............P......L......n.... ........@.. ....................................@.....................................O.......$I...................`....................................................... ............... ..H............text...t.... ...................... ..`.rsrc...$I.......J..................@..@.reloc.......`.......$..............@..B................P.......H........Q...K...............[...........................................0............(;...(<.........(.....o=....*.....................(>......(?......(@......(A......(B....*N..(....oA...(C....*&..(D....*.sE........sF........sG........sH........sI........*....0...........~....oJ....+..*.0...........~....oK....+..*.0...........~....oL....+..*.0...........~....oM....+..*.0...........~....oN....+..*&..(O....*...0..<........~.....(P.....,!r...p.....(Q...oR...sS............~.....
                            C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe:Zone.Identifier
                            Process:C:\Users\user\Desktop\n4CeZTejKM.exe
                            File Type:ASCII text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):26
                            Entropy (8bit):3.95006375643621
                            Encrypted:false
                            SSDEEP:3:ggPYV:rPYV
                            MD5:187F488E27DB4AF347237FE461A079AD
                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                            Malicious:true
                            Preview: [ZoneTransfer]....ZoneId=0
                            C:\Users\user\Documents\20210407\PowerShell_transcript.980108.ECse6Ohy.20210407120705.txt
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):5805
                            Entropy (8bit):5.416580629940367
                            Encrypted:false
                            SSDEEP:96:BZLh8NrqDo1ZhZRh8NrqDo1Z5GoOjZeh8NrqDo1ZCVfee0Zr:1A
                            MD5:104D8EFE3FDA0E9A1361627665B03AAC
                            SHA1:0B066E4FB41F2B247A31C7E02CE385F464040030
                            SHA-256:F802B1A41CC8DE988E18323C4EBB5B911EBABA42ECE30A16A5A56F3F55E11878
                            SHA-512:4EA8A420121C4CEB07067BD78494441D7A19976F236C48F696F6E700E25553AEFE946B005B5C556583AF014E8CA0C34A08F4997D8AA14BA81EA2D62F3A405385
                            Malicious:false
                            Preview: .**********************..Windows PowerShell transcript start..Start time: 20210407120723..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 980108 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe..Process ID: 6788..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210407120723..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe..**********************..Windows PowerShell transcript start..Start time: 20210407121245..Username: computer\user..RunAs User: DESKTOP-716T
                            C:\Users\user\Documents\20210407\PowerShell_transcript.980108.IThRkPer.20210407120726.txt
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):5805
                            Entropy (8bit):5.41181055573263
                            Encrypted:false
                            SSDEEP:96:BZPh8NKqDo1ZRZ9h8NKqDo1Z6GoOjZZh8NKqDo1ZdfeeObZEi:K
                            MD5:DCABB212A7382C7ABF3BBBD87F523CC6
                            SHA1:39FF77F92C4454456495A9F5BAB1F345DA391A04
                            SHA-256:F307A40AF8FBF1F340D8476A64FB787F8C95D3C75BBB28AA781D968E99E4B47C
                            SHA-512:06F46DECC33362D60829E389D43B464CBA928AA605DD3C36917E7EF47FADE925B4B61DADC51ECF90427B1F3CB4A4856DB10EF5ED108A01CA1D46A38E1CD2CAE5
                            Malicious:false
                            Preview: .**********************..Windows PowerShell transcript start..Start time: 20210407120811..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 980108 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe..Process ID: 6132..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210407120811..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe..**********************..Windows PowerShell transcript start..Start time: 20210407121212..Username: computer\user..RunAs User: DESKTOP-716T
                            C:\Users\user\Documents\20210407\PowerShell_transcript.980108.eyquLQAd.20210407120723.txt
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):3691
                            Entropy (8bit):5.2246933254566414
                            Encrypted:false
                            SSDEEP:96:BZ8nh8NYqDo1Z2Z4h8NYqDo1ZBlzvOzGMzGMzwyZU:8vyGgGgwD
                            MD5:17C31712FC3B977759DED677E8074C9A
                            SHA1:E65F7EC1AAA3650759C944E7E60F9F0F4FC108F2
                            SHA-256:C04D538E3F7D279FC1ACF3CECA9E7A1607DA178EA81C6AB16C3BBC9AE4A37937
                            SHA-512:03A225B372F66DC7831241D3214D00A7B602E96AAB9C3F5EF8114942715E86883A640CDF9CC4ED6275D775326E8128132C913DF3B0809DD26EC0293DC4625145
                            Malicious:false
                            Preview: .**********************..Windows PowerShell transcript start..Start time: 20210407120757..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 980108 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe..Process ID: 6120..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210407120758..**********************..PS>Add-MpPreference -ExclusionPath C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe..**********************..Windows PowerShell transcript start..Start time: 20210407121604..Username: computer\user..RunAs User: computer\
                            C:\Users\user\Documents\20210407\PowerShell_transcript.980108.uu_KBH0g.20210407120702.txt
                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                            Category:dropped
                            Size (bytes):5733
                            Entropy (8bit):5.39655048255073
                            Encrypted:false
                            SSDEEP:96:BZIPh8NqEqDo1ZWSpZ4h8NqEqDo1ZiG9w9O9jZyh8NqEqDo1Z019+9+9uZx:sbPSIMiUGd88s
                            MD5:98BFEE5676F9CA48BB57F9827860F0DF
                            SHA1:56F430264A3E11F97734DF549C8A003302CFFD06
                            SHA-256:F9EE3D7728672764DF455041A6CCC9690179DC9FFA6FE56BD0C1D6132E589E47
                            SHA-512:036CB22311CB39F962D01113910EB883BA14A36784EE53B7B794916084BE4731187C510B5901712E5D411363067D0A7F18A1454884C634F02EF144DCE15032BF
                            Malicious:false
                            Preview: .**********************..Windows PowerShell transcript start..Start time: 20210407120720..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 980108 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\n4CeZTejKM.exe..Process ID: 6640..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210407120720..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\n4CeZTejKM.exe..**********************..Windows PowerShell transcript start..Start time: 20210407121741..Username: computer\user..RunAs User: computer\user..Configuration

                            Static File Info

                            General

                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                            Entropy (8bit):6.75779325476642
                            TrID:
                            • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                            • Win32 Executable (generic) a (10002005/4) 49.75%
                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                            • Windows Screen Saver (13104/52) 0.07%
                            • Generic Win/DOS Executable (2004/3) 0.01%
                            File name:n4CeZTejKM.exe
                            File size:992768
                            MD5:b8362f2f6e0353819fa0dd8a35ef6a58
                            SHA1:f1cb392fa0fd6acbb6eb1d858064a74fd5272ff3
                            SHA256:0ef41dabaa6af07317dd45595f15625cb7517650bb13b365de0717d3cad26197
                            SHA512:bb06d70fb66480a8a7bc464a4ae3f4e0ee08d38f06779571b83e23b7cac00ddf1da417fa8754541514cc971ca3faf549eb9f40bfda2e0ef77444ecba6be6c923
                            SSDEEP:12288:5EMXiA97oRAgvitEQ6TFQdNXDfx2EHphAKeZrdhOBcc3:nH97AZfQ0GdNMEHbkhOH
                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...#G]`..............P......L......n.... ........@.. ....................................@................................

                            File Icon

                            Icon Hash:40d2d2d2c6c6d200

                            Static PE Info

                            General

                            Entrypoint:0x4ef76e
                            Entrypoint Section:.text
                            Digitally signed:false
                            Imagebase:0x400000
                            Subsystem:windows gui
                            Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                            DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                            Time Stamp:0x605D4723 [Fri Mar 26 02:29:55 2021 UTC]
                            TLS Callbacks:
                            CLR (.Net) Version:v2.0.50727
                            OS Version Major:4
                            OS Version Minor:0
                            File Version Major:4
                            File Version Minor:0
                            Subsystem Version Major:4
                            Subsystem Version Minor:0
                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                            Entrypoint Preview

                            Instruction
                            jmp dword ptr [00402000h]
                            add byte ptr [eax], al
                            Data Directories

                            Name                                  Virtual Address  Virtual Size  Is in Section
                            IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_IMPORT          0xef71c          0x4f          .text
                            IMAGE_DIRECTORY_ENTRY_RESOURCE        0xf0000          0x4924        .rsrc
                            IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_BASERELOC       0xf6000          0xc           .reloc
                            IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                            IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                            Sections

                            Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy         Characteristics
                            .text   0x2000           0xed774       0xed800   False     0.531135896382   data       6.80300279946   IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                            .rsrc   0xf0000          0x4924        0x4a00    False     0.253695101351   data       3.28486972218   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                            .reloc  0xf6000          0xc           0x200     False     0.044921875      data       0.101910425663  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                            Resources

                            Name           RVA      Size    Type                                                                        Language  Country
                            RT_ICON        0xf0100  0x4228  dBase III DBT, version number 0, next free block index 40
                            RT_GROUP_ICON  0xf4338  0x14    data
                            RT_VERSION     0xf435c  0x3c8   data
                            RT_MANIFEST    0xf4734  0x1ea   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                            Imports

                            DLL          Import
                            mscoree.dll  _CorExeMain

                            Version Infos

                            Description       Data
                            Translation       0x0000 0x04b0
                            LegalCopyright    Mitsubishi Grandis
                            Assembly Version  2.0.0.8
                            InternalName      FlushWriteAsyncd42.exe
                            FileVersion       2.0.0.8
                            CompanyName
                            LegalTrademarks
                            Comments          A control that is a cross between a TreeView and ListView
                            ProductName       TreeListView
                            ProductVersion    2.0.0.8
                            FileDescription   TreeListView
                            OriginalFilename  FlushWriteAsyncd42.exe

                            Network Behavior

                            Snort IDS Alerts

                            Timestamp                 Protocol  SID  Message                                         Source Port  Dest Port  Source IP    Dest IP
                            04/07/21-12:08:51.366361  ICMP      402  ICMP Destination Unreachable Port Unreachable                           192.168.2.3  37.235.1.177
                            04/07/21-12:08:57.463781  ICMP      402  ICMP Destination Unreachable Port Unreachable                           192.168.2.3  37.235.1.174

                            TCP Packets

                            Apr 7, 2021 12:09:04.794033051 CEST497448282192.168.2.3194.5.98.9
                            Apr 7, 2021 12:09:04.835779905 CEST828249744194.5.98.9192.168.2.3
                            Apr 7, 2021 12:09:05.336066961 CEST497448282192.168.2.3194.5.98.9
                            Apr 7, 2021 12:09:05.378210068 CEST828249744194.5.98.9192.168.2.3
                            Apr 7, 2021 12:09:05.883148909 CEST497448282192.168.2.3194.5.98.9
                            Apr 7, 2021 12:09:05.927488089 CEST828249744194.5.98.9192.168.2.3

                            UDP Packets


                            ICMP Packets

                            Timestamp | Source IP | Dest IP | Checksum | Code | Type
                            Apr 7, 2021 12:08:51.366360903 CEST | 192.168.2.3 | 37.235.1.177 | e790 | (Port unreachable) | Destination Unreachable
                            Apr 7, 2021 12:08:57.463781118 CEST | 192.168.2.3 | 37.235.1.174 | e78d | (Port unreachable) | Destination Unreachable

                            DNS Queries

                            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                            Apr 7, 2021 12:07:07.790890932 CEST | 192.168.2.3 | 37.235.1.174 | 0x56b6 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:08.780201912 CEST | 192.168.2.3 | 37.235.1.174 | 0x56b6 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:14.689867020 CEST | 192.168.2.3 | 37.235.1.174 | 0xe49e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:15.988897085 CEST | 192.168.2.3 | 37.235.1.174 | 0xe49e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:16.999814034 CEST | 192.168.2.3 | 37.235.1.174 | 0xe49e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:19.046530008 CEST | 192.168.2.3 | 37.235.1.174 | 0xe49e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:23.113275051 CEST | 192.168.2.3 | 37.235.1.174 | 0xe49e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:29.874258041 CEST | 192.168.2.3 | 37.235.1.174 | 0xb3bc | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:52.408004999 CEST | 192.168.2.3 | 37.235.1.174 | 0xd91e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:53.536180019 CEST | 192.168.2.3 | 37.235.1.174 | 0xd91e | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:59.170382023 CEST | 192.168.2.3 | 37.235.1.174 | 0x14ad | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:00.175076008 CEST | 192.168.2.3 | 37.235.1.174 | 0x14ad | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:01.206177950 CEST | 192.168.2.3 | 37.235.1.174 | 0x14ad | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:07.782757998 CEST | 192.168.2.3 | 37.235.1.174 | 0x8c5c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:08.805272102 CEST | 192.168.2.3 | 37.235.1.174 | 0x8c5c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:09.977143049 CEST | 192.168.2.3 | 37.235.1.174 | 0x8c5c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:11.988413095 CEST | 192.168.2.3 | 37.235.1.174 | 0x8c5c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:35.834372044 CEST | 192.168.2.3 | 37.235.1.174 | 0xb81c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:36.862322092 CEST | 192.168.2.3 | 37.235.1.174 | 0xb81c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:37.943831921 CEST | 192.168.2.3 | 37.235.1.174 | 0xb81c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:39.943721056 CEST | 192.168.2.3 | 37.235.1.174 | 0xb81c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:43.960089922 CEST | 192.168.2.3 | 37.235.1.174 | 0xb81c | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:48.026032925 CEST | 192.168.2.3 | 37.235.1.177 | 0x779 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:49.058722019 CEST | 192.168.2.3 | 37.235.1.177 | 0x779 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:50.270971060 CEST | 192.168.2.3 | 37.235.1.177 | 0x779 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:55.472393036 CEST | 192.168.2.3 | 37.235.1.174 | 0xfe8a | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:56.461020947 CEST | 192.168.2.3 | 37.235.1.174 | 0xfe8a | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:09:01.684366941 CEST | 192.168.2.3 | 37.235.1.174 | 0x1c24 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:09:02.711464882 CEST | 192.168.2.3 | 37.235.1.174 | 0x1c24 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:09:03.772718906 CEST | 192.168.2.3 | 37.235.1.174 | 0x1c24 | Standard query (0) | lastme11.ddns.net | A (IP address) | IN (0x0001)

                            DNS Answers

                            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                            Apr 7, 2021 12:07:08.809835911 CEST | 37.235.1.174 | 192.168.2.3 | 0x56b6 | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:24.137429953 CEST | 37.235.1.174 | 192.168.2.3 | 0xe49e | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:30.708245993 CEST | 37.235.1.174 | 192.168.2.3 | 0xb3bc | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:07:53.517241955 CEST | 37.235.1.174 | 192.168.2.3 | 0xd91e | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:02.227020979 CEST | 37.235.1.174 | 192.168.2.3 | 0x14ad | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:13.013056040 CEST | 37.235.1.174 | 192.168.2.3 | 0x8c5c | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:50.081543922 CEST | 37.235.1.177 | 192.168.2.3 | 0x779 | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:51.366216898 CEST | 37.235.1.177 | 192.168.2.3 | 0x779 | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:56.497888088 CEST | 37.235.1.174 | 192.168.2.3 | 0xfe8a | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:08:57.463502884 CEST | 37.235.1.174 | 192.168.2.3 | 0xfe8a | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)
                            Apr 7, 2021 12:09:04.793008089 CEST | 37.235.1.174 | 192.168.2.3 | 0x1c24 | No error (0) | lastme11.ddns.net |  | 194.5.98.9 | A (IP address) | IN (0x0001)

                            Code Manipulations

                            Statistics

                            CPU Usage

                            Memory Usage

                            High Level Behavior Distribution

                            Behavior

                            System Behavior

                            General

                            Start time:12:06:58
                            Start date:07/04/2021
                            Path:C:\Users\user\Desktop\n4CeZTejKM.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Users\user\Desktop\n4CeZTejKM.exe'
                            Imagebase:0x6c0000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Yara matches:
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 00000001.00000002.217601761.0000000003D81000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.215030094.0000000002D81000.00000004.00000001.sdmp, Author: Joe Security
                            Reputation:low

                            General

                            Start time:12:07:01
                            Start date:07/04/2021
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\n4CeZTejKM.exe'
                            Imagebase:0x300000
                            File size:430592 bytes
                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            General

                            Start time:12:07:01
                            Start date:07/04/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6b2800000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:01
                            Start date:07/04/2021
                            Path:C:\Windows\SysWOW64\schtasks.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmpF565.tmp'
                            Imagebase:0xd40000
                            File size:185856 bytes
                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:01
                            Start date:07/04/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6b2800000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:02
                            Start date:07/04/2021
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
                            Imagebase:0x300000
                            File size:430592 bytes
                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            General

                            Start time:12:07:02
                            Start date:07/04/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6b2800000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:02
                            Start date:07/04/2021
                            Path:C:\Users\user\Desktop\n4CeZTejKM.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Users\user\Desktop\n4CeZTejKM.exe
                            Imagebase:0x210000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:03
                            Start date:07/04/2021
                            Path:C:\Users\user\Desktop\n4CeZTejKM.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Users\user\Desktop\n4CeZTejKM.exe
                            Imagebase:0xf10000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Yara matches:
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.466535067.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.487039401.0000000005F00000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000009.00000002.486853202.0000000005C70000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 00000009.00000002.486853202.0000000005C70000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000009.00000002.484515558.00000000046B7000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 00000009.00000002.484515558.00000000046B7000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                            General

                            Start time:12:07:14
                            Start date:07/04/2021
                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                            Imagebase:0x330000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Yara matches:
                            • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000A.00000002.276077719.0000000002BC1000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000A.00000002.282359113.0000000003BC1000.00000004.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000A.00000002.282359113.0000000003BC1000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 0000000A.00000002.282359113.0000000003BC1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                            Antivirus matches:
                            • Detection: 100%, Joe Sandbox ML
                            • Detection: 24%, Metadefender, Browse
                            • Detection: 69%, ReversingLabs

                            General

                            Start time:12:07:19
                            Start date:07/04/2021
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
                            Imagebase:0x300000
                            File size:430592 bytes
                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            General

                            Start time:12:07:19
                            Start date:07/04/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6b2800000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:19
                            Start date:07/04/2021
                            Path:C:\Windows\SysWOW64\schtasks.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\sIlqvNJawsmeFV' /XML 'C:\Users\user\AppData\Local\Temp\tmp3DD8.tmp'
                            Imagebase:0xd40000
                            File size:185856 bytes
                            MD5 hash:15FF7D8324231381BAD48A052F85DF04
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:20
                            Start date:07/04/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6b2800000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:20
                            Start date:07/04/2021
                            Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                            Wow64 process (32bit):true
                            Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\sIlqvNJawsmeFV.exe'
                            Imagebase:0x300000
                            File size:430592 bytes
                            MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET

                            General

                            Start time:12:07:21
                            Start date:07/04/2021
                            Path:C:\Windows\System32\conhost.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Imagebase:0x7ff6b2800000
                            File size:625664 bytes
                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:21
                            Start date:07/04/2021
                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Imagebase:0x20000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:23
                            Start date:07/04/2021
                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Imagebase:0x1b0000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:24
                            Start date:07/04/2021
                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Wow64 process (32bit):false
                            Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Imagebase:0x230000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:C, C++ or other language

                            General

                            Start time:12:07:26
                            Start date:07/04/2021
                            Path:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Wow64 process (32bit):true
                            Commandline:C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
                            Imagebase:0x7b0000
                            File size:992768 bytes
                            MD5 hash:B8362F2F6E0353819FA0DD8A35EF6A58
                            Has elevated privileges:true
                            Has administrator privileges:true
                            Programmed in:.Net C# or VB.NET
                            Yara matches:
                            • Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000017.00000002.281694344.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000017.00000002.281694344.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 00000017.00000002.281694344.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>
                            • Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000017.00000002.299890051.0000000003ED1000.00000004.00000001.sdmp, Author: Joe Security
                            • Rule: NanoCore, Description: unknown, Source: 00000017.00000002.299890051.0000000003ED1000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net>

                            Disassembly

                            Code Analysis

                              Executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$X1ar
                              • API String ID: 0-3821969665
                              • Opcode ID: 521d427400873a98a705a278091529b56c14ab78e65c3ba9362479671bccbc83
                              • Instruction ID: c366c52d28a6c55b363a09158025c7b706acc626b66acc0aad9bf6ab14ce43a8
                              • Opcode Fuzzy Hash: 521d427400873a98a705a278091529b56c14ab78e65c3ba9362479671bccbc83
                              • Instruction Fuzzy Hash: 8271C774E012189FDB04DFAAC951B9DFBF2BF88304F248129E508AB365EB756945CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$X1ar
                              • API String ID: 0-3821969665
                              • Opcode ID: 5e773a6645bf5bc6a0bd09adae907ed6fa3abbfd5c50a29e5b886ae5285aa4c5
                              • Instruction ID: e93e82d1659b7ec20471cdc84d6addf0f3a279dc6465f3fdad3dfe7880c3c50a
                              • Opcode Fuzzy Hash: 5e773a6645bf5bc6a0bd09adae907ed6fa3abbfd5c50a29e5b886ae5285aa4c5
                              • Instruction Fuzzy Hash: D8619574E002189FDB04DFAAC951B9EFBF2BF88304F208029E508AB355EB756941CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05F1100B
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: AdjustPrivilegesToken
                              • String ID:
                              • API String ID: 2874748243-0
                              • Opcode ID: 6d43b6507eeef931aa229c778bdd4e0335785825e23ca59e5b99cfe3fa447d1d
                              • Instruction ID: 57c758d83520237f55bc9be4c427eeb6114b4847503bb229afa25153f5799791
                              • Opcode Fuzzy Hash: 6d43b6507eeef931aa229c778bdd4e0335785825e23ca59e5b99cfe3fa447d1d
                              • Instruction Fuzzy Hash: 0B21BF76509380AFDB228F25DC44F52BFB4EF16210F08849AED858F163D275A918DB62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05F11411
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: InformationQuerySystem
                              • String ID:
                              • API String ID: 3562636166-0
                              • Opcode ID: 360dc76823a42d7b592c6b0713ae60565b8abc19ed786fe783ef386d78246c6d
                              • Instruction ID: 7170bbee760fc0a12b0d6d602a2ad78957083b16efaea79b0ff020c4c19c5fed
                              • Opcode Fuzzy Hash: 360dc76823a42d7b592c6b0713ae60565b8abc19ed786fe783ef386d78246c6d
                              • Instruction Fuzzy Hash: F111BF75409780AFDB228F21DC44A52FFB4FF06710F0884DAEE854B263D275A519DBA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05F1100B
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: AdjustPrivilegesToken
                              • String ID:
                              • API String ID: 2874748243-0
                              • Opcode ID: d42cc3a10c070b5d5083e9ed3c8cb17eb98e419bafa5ddd9d6222770dafe0363
                              • Instruction ID: 065c8376e27652f1707fae7cae939af244a35b94fba2cc1800550917c5efd79b
                              • Opcode Fuzzy Hash: d42cc3a10c070b5d5083e9ed3c8cb17eb98e419bafa5ddd9d6222770dafe0363
                              • Instruction Fuzzy Hash: 06119E32900640DFDB20CF65D884B66FFE8EF04220F08C46ADE4A8B612D675E418DB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05F11411
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: InformationQuerySystem
                              • String ID:
                              • API String ID: 3562636166-0
                              • Opcode ID: 8da587d99e02228398c3efed116e2af4141882941580a200e8f501425d90afe5
                              • Instruction ID: 535dafc51bbb38bac4c7e5201b70ff1d81b11e7a39d2054e27b778c7ebde0efd
                              • Opcode Fuzzy Hash: 8da587d99e02228398c3efed116e2af4141882941580a200e8f501425d90afe5
                              • Instruction Fuzzy Hash: 7A018F35400640DFDB20CF15D844B66FFA5FF09B20F08C49ADE490B212D2BAA418DFA6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$\,$`5ar$xe
                              • API String ID: 0-3902269057
                              • Opcode ID: 93ddd4993e987696e312c90e6aca14811325243c0e442e919a9849bf1715127f
                              • Instruction ID: f23f1683cee087027d41b3bfb4d56e8afe3ac909b1bb7353bb04233a4b8ecf70
                              • Opcode Fuzzy Hash: 93ddd4993e987696e312c90e6aca14811325243c0e442e919a9849bf1715127f
                              • Instruction Fuzzy Hash: E8910574E00219CFDB54DFA9C894BADBBF1BF89310F10506AD909AB360DB71A941DF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05F10952
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: FileNameTemp
                              • String ID:
                              • API String ID: 745986568-0
                              • Opcode ID: f55eda2074129b114e50f80707f941a0e4574fba4396eb66661e4e513d61a4f1
                              • Instruction ID: d2896b3681a778e10bd3dac1e8d6753c5086a514f81f4066bb929eed1228a8a3
                              • Opcode Fuzzy Hash: f55eda2074129b114e50f80707f941a0e4574fba4396eb66661e4e513d61a4f1
                              • Instruction Fuzzy Hash: 46417F6240E3C05FD7038B658C65A52BFB4EF87720F0A84DBD8C49F1A3D664691AC7A2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05F10CE3
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 5c37b9bdb5e8a081f288cc96c8618805cb6fc3984b96c6a8c35b2eeb585b1446
                              • Instruction ID: 57fdee676b36e56505beafa13eaefdf1ea8f06ddbc29c4608b551e08e6c6adac
                              • Opcode Fuzzy Hash: 5c37b9bdb5e8a081f288cc96c8618805cb6fc3984b96c6a8c35b2eeb585b1446
                              • Instruction Fuzzy Hash: 8931E872404344AFEB12CF64DC44FA7BFECEF06314F0885AAE9859B152D764A909CB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00E8ABD5
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              • Opcode ID: e786ecfe2e84a5e8ea85f6934cbfb53468757c781d6c98418ffe85b303e2eadb
                              • Instruction ID: 0d59d9fe6bd1fd2ba27c480426d6825f1791b54a1ddd546349c03570de4ad7f6
                              • Opcode Fuzzy Hash: e786ecfe2e84a5e8ea85f6934cbfb53468757c781d6c98418ffe85b303e2eadb
                              • Instruction Fuzzy Hash: F431C572544384AFE7228B25CC45F67FFBCEF06710F0884ABED859B152D264A849CB71
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTokenInformation.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 00E8BB10
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: InformationToken
                              • String ID:
                              • API String ID: 4114910276-0
                              • Opcode ID: 9b3f215fe2ec0a786f129e86504d7902858b87f974f7725982fc9460ecfca3a1
                              • Instruction ID: fa3dd0163348c59a62d89bf14a1c5565eadc7ec3a1a51a420060660570ac37f2
                              • Opcode Fuzzy Hash: 9b3f215fe2ec0a786f129e86504d7902858b87f974f7725982fc9460ecfca3a1
                              • Instruction Fuzzy Hash: 0931C4B2404744AFE722CF54DC85FA7BFACEF46314F0885ABE9489B152D324A905CB71
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05F10A29
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: bf62c7f3c2e6dd82193bddd1dceb95512d18a2077d6c7c775eb60244034c0ca6
                              • Instruction ID: 432b63a9a9904eab1b6b4573b3a3f0c097dd4adf7cf27ef754073a2ca0ed13c1
                              • Opcode Fuzzy Hash: bf62c7f3c2e6dd82193bddd1dceb95512d18a2077d6c7c775eb60244034c0ca6
                              • Instruction Fuzzy Hash: BE3169B1505384AFE722CF65CC44F66BFE8EF45620F0884AEED858B252D375E809CB65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CopyFileW.KERNELBASE(?,?,?), ref: 05F102F6
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: CopyFile
                              • String ID:
                              • API String ID: 1304948518-0
                              • Opcode ID: 8277507c4aad45d65d882721cd1e9f9973bc15508c229f96acc9866aeb962187
                              • Instruction ID: eb66221b131d2e6bd4ddc34fdf16349e3de2fd5ac208a4b60bfe116cb8e0e374
                              • Opcode Fuzzy Hash: 8277507c4aad45d65d882721cd1e9f9973bc15508c229f96acc9866aeb962187
                              • Instruction Fuzzy Hash: 1C318C7150D3C05FD7138B249C65A62BFB8AF07210F0D84DBEC88CF1A3E229A848C762
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNELBASE(?,?), ref: 00E8BA11
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: 850009b55ecd3b4e4b5104f1e2b669bbf25baec4fccc3c6384f48fcf13599b27
                              • Instruction ID: 11df67823cc8cf599a327562e232068dc0d8ccf38f17402357a02ca8aa4f5290
                              • Opcode Fuzzy Hash: 850009b55ecd3b4e4b5104f1e2b669bbf25baec4fccc3c6384f48fcf13599b27
                              • Instruction Fuzzy Hash: 4531A171509380AFE712CB65CC84F56FFE8EF06314F08849AE988DB293D364E909CB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 00E8ACD8
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              • Opcode ID: 42bb69ae7a22332b3555dcf93239f46a52154df9b64b307ba2437f5e37e82dd7
                              • Instruction ID: b4aabc5e68b3f36162577ab46da0b1b57c998be8af3c1c5906bc9f145a460b4c
                              • Opcode Fuzzy Hash: 42bb69ae7a22332b3555dcf93239f46a52154df9b64b307ba2437f5e37e82dd7
                              • Instruction Fuzzy Hash: D931B371104384AFE722CF21CC44F62BFB8EF06714F1884ABE989DB252D264E849CB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 05F11350
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              • Opcode ID: 7f64e3706cdd37ec5b0d68b15560cfc9aa48a9c6cf62cb85169fdbbac46d3518
                              • Instruction ID: 58f1e3f5c5076b5fc8b7df135793d77791604628c3e666783d0df45e2b75107c
                              • Opcode Fuzzy Hash: 7f64e3706cdd37ec5b0d68b15560cfc9aa48a9c6cf62cb85169fdbbac46d3518
                              • Instruction Fuzzy Hash: F921F6725493806FEB128B24DC55FA6BFB8EF43324F0884EBE984DF193C2649905C761
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05F10557
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: OpenPolicy
                              • String ID:
                              • API String ID: 2030686058-0
                              • Opcode ID: f51f5e8a92a1f80e3d0ebd28dab014392ba8f445417758fe9a2cd0a4a1827541
                              • Instruction ID: 727fcbff95e59f6d8ee3be5e2d1f2099b309c159f35a40da3aac126b08580d15
                              • Opcode Fuzzy Hash: f51f5e8a92a1f80e3d0ebd28dab014392ba8f445417758fe9a2cd0a4a1827541
                              • Instruction Fuzzy Hash: 46219172504344AFE721CF64DC45F66FFACEF45710F04849AED44DB152D364A948CB65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05F10CE3
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              • Opcode ID: 0749275e0c1c4436fa1bdef96f70fe68780c6773dbeb976336c2fb4f044ace09
                              • Instruction ID: 93a1e0f8eced78db0420a39bfdfe51340c20ca60f69b74528cb1978f43dd1c91
                              • Opcode Fuzzy Hash: 0749275e0c1c4436fa1bdef96f70fe68780c6773dbeb976336c2fb4f044ace09
                              • Instruction Fuzzy Hash: 1321CF72500304AFEB21DF65DC44F6BFBECEF04720F04886AEE459B251DA74A4498BB5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileW.KERNELBASE(?), ref: 05F10DC8
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              • Opcode ID: ddf911c40c03c7f3d8b5294deb20bb6ea9a21119ab782daf1b6eba89480ff0e2
                              • Instruction ID: 4b79ab65d0a06950a581d70d056bd72065e397ce68c3e688dbc28c51dcff55be
                              • Opcode Fuzzy Hash: ddf911c40c03c7f3d8b5294deb20bb6ea9a21119ab782daf1b6eba89480ff0e2
                              • Instruction Fuzzy Hash: FB21D1725093C09FD713CB35DC54B92BFA8EF07610F0984DADC858F263D625A948CB62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 05F10B15
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: FileType
                              • String ID:
                              • API String ID: 3081899298-0
                              • Opcode ID: c96d9886b81d221e1e27784accc6c88d5ed43d7733c6c9341c9dca4a8052f9c4
                              • Instruction ID: cce7f5d048b2ca6bcd93a924698a7a74ac121042958d781cb63fc4fd3a9e0033
                              • Opcode Fuzzy Hash: c96d9886b81d221e1e27784accc6c88d5ed43d7733c6c9341c9dca4a8052f9c4
                              • Instruction Fuzzy Hash: FB2106B6408780AFE312CB25DC40FA2BFA8EF47720F08809BED858B153D264A905C775
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05F10A29
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: a09334c5af9dd239a7cc24a12c67f135310fad4fd749d4993d8edc15aacca959
                              • Instruction ID: 72f562bd89a1b261080196c36240b0180c1b1fb08fca48dc6e0de285348ab049
                              • Opcode Fuzzy Hash: a09334c5af9dd239a7cc24a12c67f135310fad4fd749d4993d8edc15aacca959
                              • Instruction Fuzzy Hash: AD219A75900304AFEB21CF65C848F66FBE8EF08710F08846EEE858B252D775E448CB65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WriteFile.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 05F10BE1
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: FileWrite
                              • String ID:
                              • API String ID: 3934441357-0
                              • Opcode ID: 46fa416c8f0ac796bea062511fb71b1b1b32a8cd585bd656df3baad21e63b794
                              • Instruction ID: 08b2989b1f4fb07f8ba4e33bf6703a323eb3a18bd8dd71d14d09091a400d23bb
                              • Opcode Fuzzy Hash: 46fa416c8f0ac796bea062511fb71b1b1b32a8cd585bd656df3baad21e63b794
                              • Instruction Fuzzy Hash: 7821C172409380AFE7228F25DC44F56FFB8EF46314F08849BEA849B153C274A809CB72
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00E8ABD5
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              • Opcode ID: 08e1c66d4069ba89401ae2601e27d4d91d618d3518ea3a0576083137895864d5
                              • Instruction ID: f4f0cfce23a5fe32e4a157521f4cf0475b438c92d3908cce09fce93e2ed9362e
                              • Opcode Fuzzy Hash: 08e1c66d4069ba89401ae2601e27d4d91d618d3518ea3a0576083137895864d5
                              • Instruction Fuzzy Hash: 2E219F72500704AFF721AB55CC45FABFBACEF04710F18846BEE499B241D664E8088BB2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05F10557
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: OpenPolicy
                              • String ID:
                              • API String ID: 2030686058-0
                              • Opcode ID: e83547656664d5a52dc1573a69dd6f7de6e1662baa87ed89c7f37527b5ad1e0e
                              • Instruction ID: 5f9aa9064b3defca7cebc78a14e626abce3d50c747c46ead693cbf272d2b99cf
                              • Opcode Fuzzy Hash: e83547656664d5a52dc1573a69dd6f7de6e1662baa87ed89c7f37527b5ad1e0e
                              • Instruction Fuzzy Hash: 9B21AE72500304EFEB20DF69DC49F6AFBACEF44710F14886AEE459A241D664A4488B75
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNELBASE(?,?), ref: 00E8BA11
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              • Opcode ID: 24badd541ea2564502eed6ba6374643ae21e2575ea87d29d28cc575a8c5fa7dc
                              • Instruction ID: 8c466be7d977315c7dd47859c63e6885862de893bcf195424ae7d9ef9f188623
                              • Opcode Fuzzy Hash: 24badd541ea2564502eed6ba6374643ae21e2575ea87d29d28cc575a8c5fa7dc
                              • Instruction Fuzzy Hash: D121CF71600240AFE720DF65CC85BA6FBE8EF04714F1484AAED4D9B242D770E905CB71
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 00E8ACD8
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              • Opcode ID: 19afd1b54b486601505695ee24a8989b5d9b1ad6a08d575a88f71ca53164833a
                              • Instruction ID: 75088b1c7852528f8fd033e45e93d18a1cebd80b07e8323c39c01a1ce5385714
                              • Opcode Fuzzy Hash: 19afd1b54b486601505695ee24a8989b5d9b1ad6a08d575a88f71ca53164833a
                              • Instruction Fuzzy Hash: 78216A75600604AFE720DF15CC80FA6FBECEF04714F18846BEA49AB251D664E809CB72
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTokenInformation.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 00E8BB10
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: InformationToken
                              • String ID:
                              • API String ID: 4114910276-0
                              • Opcode ID: b95df0004be35cd310f3edf97fd098fe41643dce5f54f8f92dbd1785de77dba0
                              • Instruction ID: 63d268745eb11b4ba39af2d44cb3b08f3e6d852b96027394d244829a9184cb2a
                              • Opcode Fuzzy Hash: b95df0004be35cd310f3edf97fd098fe41643dce5f54f8f92dbd1785de77dba0
                              • Instruction Fuzzy Hash: 9111D271500204AFEB21DF65DC80FABFBACEF04310F14846BEA49DB241D670A808CB71
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • K32EnumProcesses.KERNEL32(?,?,?,01C05019,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05F1117E
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: EnumProcesses
                              • String ID:
                              • API String ID: 84517404-0
                              • Opcode ID: 24c0c164e64c196d9f394d1c9faf84fa3d62bbf43e9958df9694c6dc97526d0d
                              • Instruction ID: 013f8bacb8479febab6dd185ff74186f4a460046173a47717275a49216c05969
                              • Opcode Fuzzy Hash: 24c0c164e64c196d9f394d1c9faf84fa3d62bbf43e9958df9694c6dc97526d0d
                              • Instruction Fuzzy Hash: 22218E715093849FD712CB25DC85B96BFE8EF06210F0984EBE985DB263D274A908CB61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00E8B2E1
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadShim
                              • String ID:
                              • API String ID: 1475914169-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 05F1155D
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 05F11350
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E8A61A
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WriteFile.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 05F10BE1
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: FileWrite
                              • String ID:
                              • API String ID: 3934441357-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetFileAttributesW.KERNELBASE(?,?), ref: 05F1046B
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: AttributesFile
                              • String ID:
                              • API String ID: 3188754299-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetErrorMode.KERNELBASE(?), ref: 00E8A6CC
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: ErrorMode
                              • String ID:
                              • API String ID: 2340568224-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 00E8A32C
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CopyFileW.KERNELBASE(?,?,?), ref: 05F102F6
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: CopyFile
                              • String ID:
                              • API String ID: 1304948518-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNELBASE(?,00000E2C,01C05019,00000000,00000000,00000000,00000000), ref: 05F10B15
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: FileType
                              • String ID:
                              • API String ID: 3081899298-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • K32EnumProcesses.KERNEL32(?,?,?,01C05019,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05F1117E
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: EnumProcesses
                              • String ID:
                              • API String ID: 84517404-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetFileAttributesW.KERNELBASE(?,?), ref: 05F1046B
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: AttributesFile
                              • String ID:
                              • API String ID: 3188754299-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05F10952
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: FileNameTemp
                              • String ID:
                              • API String ID: 745986568-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileW.KERNELBASE(?), ref: 05F10DC8
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00E8B2E1
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadShim
                              • String ID:
                              • API String ID: 1475914169-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E8A61A
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 00E8A32C
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 05F1155D
                              Memory Dump Source
                              • Source File: 00000001.00000002.221932744.0000000005F10000.00000040.00000001.sdmp, Offset: 05F10000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetErrorMode.KERNELBASE(?), ref: 00E8A6CC
                              Memory Dump Source
                              • Source File: 00000001.00000002.212542151.0000000000E8A000.00000040.00000001.sdmp, Offset: 00E8A000, based on PE: false
                              Similarity
                              • API ID: ErrorMode
                              • String ID:
                              • API String ID: 2340568224-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: |m^r
                              • API String ID: 0-3666999425
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r
                              • API String ID: 0-1441432688
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: #
                              • API String ID: 0-1885708031
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: |m^r
                              • API String ID: 0-3666999425
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: \i
                              • API String ID: 0-165447557
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: \i
                              • API String ID: 0-165447557
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: xd
                              • API String ID: 0-3489126044
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: xd
                              • API String ID: 0-3489126044
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: adf4d4b5c6c993c870c9667dec6d9792405b688d3e5db6830ab7efaaf8cb9a8d
                              • Instruction ID: d176f0612c3a07fe6c1a631c06e872c1cc1223924ded51aaca658c3ec2f0e138
                              • Opcode Fuzzy Hash: adf4d4b5c6c993c870c9667dec6d9792405b688d3e5db6830ab7efaaf8cb9a8d
                              • Instruction Fuzzy Hash: 4D614BB4D002488FDB00CFEAC694AEDBBB1FF59325B648615E924AB365D730B842CB50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d730bcdd6c43392494cb094e9e1f9843de1b669edbd0bcb6ca2cbac5d31c001c
                              • Instruction ID: 534900802e8fcce7b1ccf6d3ac24a82c0a6fec048c47bc085cbeb77b12746936
                              • Opcode Fuzzy Hash: d730bcdd6c43392494cb094e9e1f9843de1b669edbd0bcb6ca2cbac5d31c001c
                              • Instruction Fuzzy Hash: 9051D271D01208DFDB08DFAAD5846EDFBB2BF89304F1484AAD905A7264DB346A4ACF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 862c710baf0a5c91be31313616deb1a99a9a2815f32dc136901223b29c053a2b
                              • Instruction ID: e18d8922e151c769763c7ccda4741ac75568eb286bb32a537e8814ee01c203fa
                              • Opcode Fuzzy Hash: 862c710baf0a5c91be31313616deb1a99a9a2815f32dc136901223b29c053a2b
                              • Instruction Fuzzy Hash: B9417C78A00618DFDB00DFA8C880AADBBF1BB4D310F1054A5EA01AB3A0D774A941EF64
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4172da0bea48db25ec2f6beede14ff2f077cc5323fc47df3548e19a35cad4e6e
                              • Instruction ID: faf309f5f6451bceb74771c7a71f56d888b15fd46e827a168b7471b6acda5b54
                              • Opcode Fuzzy Hash: 4172da0bea48db25ec2f6beede14ff2f077cc5323fc47df3548e19a35cad4e6e
                              • Instruction Fuzzy Hash: 1131A0B6508340AFD311CF09DC45E57FFE8EB89A20F18C96EFD8997211D271A904CBA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c2b8470b8f1ef8b532d446740f4ca0b27791b98932198df1cbfd350bb3003f03
                              • Instruction ID: 57989f8ec43f334596c63519ae755d596f1e252974521a4f2720b7fb3184df05
                              • Opcode Fuzzy Hash: c2b8470b8f1ef8b532d446740f4ca0b27791b98932198df1cbfd350bb3003f03
                              • Instruction Fuzzy Hash: 552162B6508344AFD310CF4AEC41E57FFE8EB89A60F14C96EFD4997211D271E9148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7e665cec49206c989851f5603bc4f7e3daf8fa22f26593ec08be1ec2a752565e
                              • Instruction ID: 6123d479ca56e8484a2dc00dfdfe5029c47466fef6cfbb03420bea9a13762c72
                              • Opcode Fuzzy Hash: 7e665cec49206c989851f5603bc4f7e3daf8fa22f26593ec08be1ec2a752565e
                              • Instruction Fuzzy Hash: D92151B6544304AFD710CF0AEC41E57FFE8EB88A60F18C96EFD4997211D271E9148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 556c91b60242bbc9b234c365910b87cec6b9e376df2e04a65e4e7460f42e8c77
                              • Instruction ID: 2aa34b22e146dadca55bd6fbd4fd37b54fd0eaf796e1c7d5c99f0c4c9cd27c13
                              • Opcode Fuzzy Hash: 556c91b60242bbc9b234c365910b87cec6b9e376df2e04a65e4e7460f42e8c77
                              • Instruction Fuzzy Hash: AF21B376544304BFD7108F06EC41E67FFA8EB84A70F18C96EFD495B211D275A9148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8bfdaa294822b68d337a0363694da1a72ff1ba4072434a1319c38e2fe6655a99
                              • Instruction ID: 9a6b02edb9b53096aee6e3f7791369d9a197aac3ccdfe23a869afcd703c949b5
                              • Opcode Fuzzy Hash: 8bfdaa294822b68d337a0363694da1a72ff1ba4072434a1319c38e2fe6655a99
                              • Instruction Fuzzy Hash: E0218476644304BFE6108E46EC41D67FFA8EB84A70F14C92EFD0957211D271B5149BB2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 526efa362385979eff91482340b5ec4ab872084bd4adae0265e672061a5d386a
                              • Instruction ID: e096fc844738ffc65f74525c4d75dab38c7989b62e707dfe65df57092b95ef68
                              • Opcode Fuzzy Hash: 526efa362385979eff91482340b5ec4ab872084bd4adae0265e672061a5d386a
                              • Instruction Fuzzy Hash: 36212FB6644304AFD610CF4AEC41E57FBE8EB88A30F14C92EFD4997311D275E9148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9b4f96337fc5b992f9a9de0b90aea8ee00d30f777d77f1b0b586d4578c78f00a
                              • Instruction ID: 37f7f8374960569109ea790c8695dc2c25688c361dc37bbb60da2d8b42b71dc5
                              • Opcode Fuzzy Hash: 9b4f96337fc5b992f9a9de0b90aea8ee00d30f777d77f1b0b586d4578c78f00a
                              • Instruction Fuzzy Hash: 49214FB6644304AFD210CF0AEC41E57FBE8EB88A30F14C92EFD4997301D271E9148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5b79e27082e159692e2926fd476dc699c09e0d4c74a368b4e9d82ff147dc65b0
                              • Instruction ID: 41deceda1fe4d1e9d0476af32a065985b454034142f1ad32d79ab76e10b8c603
                              • Opcode Fuzzy Hash: 5b79e27082e159692e2926fd476dc699c09e0d4c74a368b4e9d82ff147dc65b0
                              • Instruction Fuzzy Hash: 71212176644304AFD610CF0AEC41E57FBE8EB88A30F14C92EFD4997311D275E5148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f7cc10ab30add92ec8f9a69d2c34fa22001f2155c245cb4358176a3f5055a183
                              • Instruction ID: 5c26695f69aef317e231ba209cffeb97ffea161da1256d132521ee5ded49f5ec
                              • Opcode Fuzzy Hash: f7cc10ab30add92ec8f9a69d2c34fa22001f2155c245cb4358176a3f5055a183
                              • Instruction Fuzzy Hash: 3511B776644300AFD6108E06AC46D67FFA8EB84A30F08C96EFD095B201D272A5148BA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 19aeaaf819311b290d87590d0cb3f2bcb2a0b1fc9a174f8500ce43ec0002afc3
                              • Instruction ID: 1b89cba47466865c4a63981295151ac4cb9787aea6fa6c808b59122d14833793
                              • Opcode Fuzzy Hash: 19aeaaf819311b290d87590d0cb3f2bcb2a0b1fc9a174f8500ce43ec0002afc3
                              • Instruction Fuzzy Hash: B6119376644304BFD610CF0AEC41E67FBA8EB84A30F18C96EFD095B311D276A5149AA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ba9e3484de70733f3755de9c5b0c7cfb62dc8fd91a2a857aeb0287e3bbb1ca8c
                              • Instruction ID: f4bc0b31e9ac924fd1da99813c31c784226d96436546d0b612ee671af481b3cb
                              • Opcode Fuzzy Hash: ba9e3484de70733f3755de9c5b0c7cfb62dc8fd91a2a857aeb0287e3bbb1ca8c
                              • Instruction Fuzzy Hash: A2119376644304BFD6108F0AEC41E67FBE8EB84A70F18C96EFD095B311D276B5149AA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c5821c779f48f4e1017f83d9e87c8b65d5f1e4584a481f8e691da948b50cde5f
                              • Instruction ID: 1916dd1e832e3165bf4dd2b4f0ee512e712a475df089126d883c57a9a6f991de
                              • Opcode Fuzzy Hash: c5821c779f48f4e1017f83d9e87c8b65d5f1e4584a481f8e691da948b50cde5f
                              • Instruction Fuzzy Hash: 7B216DB550D380AFD302CF159C51956BFE4EF86620F09889EF9889B253D234A908CBA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bdbea90690acc87f97dfc8f1033e290366b2a586a16a619f475975e3f0855e82
                              • Instruction ID: 847cea6b5ffa7640b20f765e4d9145f741791deb05bb565a3bed56567dc24de7
                              • Opcode Fuzzy Hash: bdbea90690acc87f97dfc8f1033e290366b2a586a16a619f475975e3f0855e82
                              • Instruction Fuzzy Hash: DA118676644304BFD6108E0AEC41E67FFA8EB84A30F18C96EFD095B211D276B5149BF6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.213072782.0000000001230000.00000040.00000040.sdmp, Offset: 01230000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 391337547a9303c854a5b5dace57c0c1b5899999959d7966916e28ddf345dac4
                              • Instruction ID: 349782de8f8b0dd0bf6f85c3b6b0df82403cafd7bf450f812e973769164b0244
                              • Opcode Fuzzy Hash: 391337547a9303c854a5b5dace57c0c1b5899999959d7966916e28ddf345dac4
                              • Instruction Fuzzy Hash: A7217C7510D3C19FD707CB20C890B15BFB1AB87314F2986DED4849B6A3C37A8806CB62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.213072782.0000000001230000.00000040.00000040.sdmp, Offset: 01230000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 650f08442ddb163d7a0ec5d4652b8b34084308da141b78bf7bb82168324e565e
                              • Instruction ID: a406c33db6af7f915ae314b0e60f24ee921ea8855041ef9f87f59f5138104578
                              • Opcode Fuzzy Hash: 650f08442ddb163d7a0ec5d4652b8b34084308da141b78bf7bb82168324e565e
                              • Instruction Fuzzy Hash: 9011E474214244EFD30ACB24C980B26BB91AB88B08F24C99DFA491B643C77BD803CE65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0e04d147f1c5d709bb878bd285c1139cef0772b30d5649bad88369f2c0a7c31b
                              • Instruction ID: b683141b2101453bc3f17c77978c534c824411449951ce7728662b8ae2416347
                              • Opcode Fuzzy Hash: 0e04d147f1c5d709bb878bd285c1139cef0772b30d5649bad88369f2c0a7c31b
                              • Instruction Fuzzy Hash: 1611D7B5A08301AFD350CF19D881A5BFBE4FB88664F04892EF99897311D371E9048FA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ac442f15656b9484febbe3fcec6a2f0e5dfac70f99f4218dea603d66495ff429
                              • Instruction ID: e46955bb46714270b9fd885f1724c87b734db4eed5dfa51cfb71a6900cb34f20
                              • Opcode Fuzzy Hash: ac442f15656b9484febbe3fcec6a2f0e5dfac70f99f4218dea603d66495ff429
                              • Instruction Fuzzy Hash: 9301B1B650E3C06FD3128B269C55AA2BF78DF43620F0884DBE9849F193D2566909C7B2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.213072782.0000000001230000.00000040.00000040.sdmp, Offset: 01230000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6184acd8a63c83e6a552e54de4b0ab906ae1f103f2b77b8e3e29fac6b16ae441
                              • Instruction ID: b9e6d6ad792bd3fc668633e9a17df728e6a1942c96b2ec519789b842b2bb53b3
                              • Opcode Fuzzy Hash: 6184acd8a63c83e6a552e54de4b0ab906ae1f103f2b77b8e3e29fac6b16ae441
                              • Instruction Fuzzy Hash: 2401DB765083406FD712CB16EC40863FFE8EE86620719C09FED498B612D265A904CBA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 99e611ff9205319f43cb8439dee854108b1457663cf11e18e0f8abd9411ac7f5
                              • Instruction ID: 008439fdcec7d5757239a245990a4b40454354119e375df5bb54913d80be584c
                              • Opcode Fuzzy Hash: 99e611ff9205319f43cb8439dee854108b1457663cf11e18e0f8abd9411ac7f5
                              • Instruction Fuzzy Hash: 19014C3582E3C4AFCB03DB7098645997FB5AF0B305B1981DBD880DB363D6355909DB52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 82b4552e99623078f620a718e210937ad265c1294f949fbc92f6f5094945f12e
                              • Instruction ID: ab86fe8e32e1ff4ab4367d58363594166b5ffa03025d8b35a8d9fd8636b154dd
                              • Opcode Fuzzy Hash: 82b4552e99623078f620a718e210937ad265c1294f949fbc92f6f5094945f12e
                              • Instruction Fuzzy Hash: 52017874E45248DFDB00CFA4E244BADBBB5EB06215F1981D6D908AB222D370E906DA50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b319149fba60103a2f04d3b6c248c60bd813f624cf5de02a146eb3b8474ecf17
                              • Instruction ID: d6a79a0fc0033c13f3da41960d89a067752f7570391ef455a5000e2f5b84dc1a
                              • Opcode Fuzzy Hash: b319149fba60103a2f04d3b6c248c60bd813f624cf5de02a146eb3b8474ecf17
                              • Instruction Fuzzy Hash: 5601A970C0A388AFCB02CFB9C8419AEBFB0AF56300F1080EBC445A3262D7311A4ACF55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d59dd73683e39c79c496a5add88e441a13ef2d8702d94ca8c84ab7a65e1a822a
                              • Instruction ID: 3925ba2e35f29112e5c52c32f8120dfab80736cacbea0a7e1b0f831b564ee9ba
                              • Opcode Fuzzy Hash: d59dd73683e39c79c496a5add88e441a13ef2d8702d94ca8c84ab7a65e1a822a
                              • Instruction Fuzzy Hash: 74F096B5545344ABD6108A069C45E63FF9CDB41A60F48855EFE492B142D261A5148BF1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c062e6758670e4e1b3a44bff97f0ed311664a68f6de9228fc3cc9dd94009d957
                              • Instruction ID: aeaff7264c19335624791b35a2aa91b35026b20bb5f0873ae331fc5bdf947107
                              • Opcode Fuzzy Hash: c062e6758670e4e1b3a44bff97f0ed311664a68f6de9228fc3cc9dd94009d957
                              • Instruction Fuzzy Hash: 7DF0B472640704BBD6208E06AC41EA3FF9CEB94A20F08C55EFE092B241D261E5148AF2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 67326ea8071fcc93cdf93c707cd2dc8139d03b4e15bf3ed3abdcac984cd62bb1
                              • Instruction ID: 40f7eff9340135fab13e5e465b9d0cacb3db67186066ff5eba3d4062da21b073
                              • Opcode Fuzzy Hash: 67326ea8071fcc93cdf93c707cd2dc8139d03b4e15bf3ed3abdcac984cd62bb1
                              • Instruction Fuzzy Hash: B1F03770D01248DFDB04DFA5E248B5DBBB5EB06305F1580D6D804AB262C770EA45DF65
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 91d8c84c429212087d1b8cb319c2aeee7ee140f1e63fb9e58cb4b96c0a65ad5b
                              • Instruction ID: 3658506553a2ff40ccce01e8cccaab6dc5b778f71be39a996aa424367b0842d3
                              • Opcode Fuzzy Hash: 91d8c84c429212087d1b8cb319c2aeee7ee140f1e63fb9e58cb4b96c0a65ad5b
                              • Instruction Fuzzy Hash: 42F08C70D012099FDB589FB9C8557EFFAF4EB4A704F10182AC600B3390DA7569098BE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a23860c8d362cd3cca4ef58fa83e44154f87dec5a8b14f9c3ea86a38dac25396
                              • Instruction ID: fa5f1b2e3b870437e8de6e674765e9a9d7e22fda432fb78aa8bcd9460c7efdac
                              • Opcode Fuzzy Hash: a23860c8d362cd3cca4ef58fa83e44154f87dec5a8b14f9c3ea86a38dac25396
                              • Instruction Fuzzy Hash: CAF01C34A422089BD708DBF5C590EAFB3BBDFCA204F509C998501272848E746E05A999
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.213072782.0000000001230000.00000040.00000040.sdmp, Offset: 01230000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                              • Instruction ID: 27c827db2fe83f65ddd2030ad3175dbdbe572118c13c76ca93ec7591c5245f8e
                              • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                              • Instruction Fuzzy Hash: C6F01D35104645DFC306CF44D940B26FBA2EB89718F24C6ADE9490B752C337E813DE95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 20a047a6b60f83eefbe9b6c109c051da34fdf5df47e806d632238bf6b8068c5d
                              • Instruction ID: 8aef3a515fef52df8baaa1e92af5b20ce205b72efa7a473a0ee6d2744cea3332
                              • Opcode Fuzzy Hash: 20a047a6b60f83eefbe9b6c109c051da34fdf5df47e806d632238bf6b8068c5d
                              • Instruction Fuzzy Hash: 9CF01D74D04209EFCB04DFE9D841AAEBBB4AB44300F20816A9924B7390DB302A00DFD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0ca690a9ee53d179755e9340712a8198c052365de6bbbc6ad64ce875659f1499
                              • Instruction ID: 2908d9402de22ba0099b74fe3637fcb483d1a97c55e8b98503c459667b24e53d
                              • Opcode Fuzzy Hash: 0ca690a9ee53d179755e9340712a8198c052365de6bbbc6ad64ce875659f1499
                              • Instruction Fuzzy Hash: F601C874910119CFEB58DF64D545B9CBBB1FB09301F10C5A6EA09E7350DB709985DF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.213072782.0000000001230000.00000040.00000040.sdmp, Offset: 01230000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 171d5bc4ce71318facd5001771043baba44d3d84929a7ad15eae8f154c6896fa
                              • Instruction ID: 9715cefb315c2130c3417482f4bedd0d0f14fef10b67b54d36bb1d5788fb0b94
                              • Opcode Fuzzy Hash: 171d5bc4ce71318facd5001771043baba44d3d84929a7ad15eae8f154c6896fa
                              • Instruction Fuzzy Hash: F4E06D766406008B9650CF0BEC41456F798EB88A30B18C47FDC0D8B701E175B5048EA6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 347f98e96a1851e5bb013fa68f0a4d5c62ac41de259cc79ace4d4480275c8010
                              • Instruction ID: 26b675316e06b1e9a34cd95ee36dc649b4eda61baa4a25d8f8d3f141d91ee408
                              • Opcode Fuzzy Hash: 347f98e96a1851e5bb013fa68f0a4d5c62ac41de259cc79ace4d4480275c8010
                              • Instruction Fuzzy Hash: 87E0D872641304A7D2209F079C42F53FB58DB44E30F14C56BED081B341D1B1B5048AE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a8ea3d449d315fdccc20f26c1dd6fb8848d7ccf74bd220d9011154a4019b0daf
                              • Instruction ID: 44bba2a15aac65f33470765cd54f9ec0d21e3b0416c27b31f7dddd2ffcb43fb4
                              • Opcode Fuzzy Hash: a8ea3d449d315fdccc20f26c1dd6fb8848d7ccf74bd220d9011154a4019b0daf
                              • Instruction Fuzzy Hash: E1E0D8B16413006BD2109E07DC46B53FB58DB44D30F14C46BED081B342D1B6B5148AE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4e61dea66f93b0713a3cc24af882a5211a57c33bb4c62c825e010073e700e507
                              • Instruction ID: 6b3ff92ebc27edb8c354025767d26172efceb9a1651b6c0e7f20ae8ffa999103
                              • Opcode Fuzzy Hash: 4e61dea66f93b0713a3cc24af882a5211a57c33bb4c62c825e010073e700e507
                              • Instruction Fuzzy Hash: A5E0D87264130067D2109E07DC42B63FB58DB44D30F14C46BED081B342D1B5B5048AE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e8f9834af9611a1ff6619c0a9229fe16e4205b09298c6777a558004bb9dd6d36
                              • Instruction ID: 70ca14db5a3de22813cac66e328cfd5276cc4698cf2e721b077234518bd30fcb
                              • Opcode Fuzzy Hash: e8f9834af9611a1ff6619c0a9229fe16e4205b09298c6777a558004bb9dd6d36
                              • Instruction Fuzzy Hash: 06E0D87265130467D2109E079C42B53FB58DB44E30F14C46BED0C1B342D1B1B5148AE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: af25861cb20e93b2dc8e93f1c0d72ab9427e52060d09e7c60918e9ee42ccb145
                              • Instruction ID: 4c6a65961196c3f34a2dcc4292f8caecc897c67f4aba333da107e4057bb87290
                              • Opcode Fuzzy Hash: af25861cb20e93b2dc8e93f1c0d72ab9427e52060d09e7c60918e9ee42ccb145
                              • Instruction Fuzzy Hash: 85E0D8716413046BD2109E0B9C42B53FB58DB44D70F14C46BEE081B742D1B5B5048AE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cf0c775689ba71285fcbbae069945f7703e0b312c403d3b9cf25ffc4f2cb4374
                              • Instruction ID: 97d290de2307cb4db43a3e2b74e9588d08321a46b7531ee8db65357cfc35ec53
                              • Opcode Fuzzy Hash: cf0c775689ba71285fcbbae069945f7703e0b312c403d3b9cf25ffc4f2cb4374
                              • Instruction Fuzzy Hash: 19E09272641300A7D2109A069C42F53FB58DB54E30F14C46BED081A642E1A1A5148AE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1c218a05641a8f26d7e0fa007cc7ac700495925761ff9ed1b7f5f0c9a882e126
                              • Instruction ID: 41e131f30faa460b5867f5496f2e2292cb278fc3f31711ef691827d9f7defa51
                              • Opcode Fuzzy Hash: 1c218a05641a8f26d7e0fa007cc7ac700495925761ff9ed1b7f5f0c9a882e126
                              • Instruction Fuzzy Hash: 53E0D872651300A7D2109F079C42F53FB58DB54E30F14C46BED082B741D5B1B5148AF5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 39daf353923c7ddf31be5e3298aaeeb90a566fc5d4996c11d6dd4fb7d1e47736
                              • Instruction ID: 280c437ca287dd2887fb36d1a1228002b6df6ca3bb62f13f8b2a07b16bfc531d
                              • Opcode Fuzzy Hash: 39daf353923c7ddf31be5e3298aaeeb90a566fc5d4996c11d6dd4fb7d1e47736
                              • Instruction Fuzzy Hash: B4F05FB8A15209EFCB00DF98D68499DBBB0FB49300F24869AE815A7325D770AE45DB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e105825c7eebde7a0fa04363f1f3f94623c2edf8a7fc4db82c34b610d8cb1f80
                              • Instruction ID: de6efc04555a79a4e2a5d1050119ad12411ed659fbcae50212a7e5e12ef5892a
                              • Opcode Fuzzy Hash: e105825c7eebde7a0fa04363f1f3f94623c2edf8a7fc4db82c34b610d8cb1f80
                              • Instruction Fuzzy Hash: 4EF0393590420CEFCB00DF94D940AADBBB5FB48300F10C09AED0963361C732AA22EF80
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2482b816105bcc07c8c66f48dc1259e0c49dbbb0c8e6d352a3e48463d55cabe5
                              • Instruction ID: 2b65f47e305e3ce9de370ef6c7fd6fa9a5204936b3b0ac3f6974b7ca79267503
                              • Opcode Fuzzy Hash: 2482b816105bcc07c8c66f48dc1259e0c49dbbb0c8e6d352a3e48463d55cabe5
                              • Instruction Fuzzy Hash: 87F0C274D01208EFCB04EFB9D948AAEBBB4EB45305F1049AEC814A3351DB75AA55CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0178ac4167dc61970b7765590a6135ce270ba16ddd5dbceb524d8baf71757d0f
                              • Instruction ID: 24a6307e50728f8f7abbcfd5240b9f9a34ccdd3c0d953b6ef02f42700619070c
                              • Opcode Fuzzy Hash: 0178ac4167dc61970b7765590a6135ce270ba16ddd5dbceb524d8baf71757d0f
                              • Instruction Fuzzy Hash: 40F0CF38A15218CFCB94EF28E985B99BFB1BB45300F1041E5EA4AA2294CB706D85DF52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c2d1eccc1d6242f3886cdeff59d6554a535a1c355a477445070a0265adacc24a
                              • Instruction ID: ecab52215ab1019614b3a5048aac539c6c02853c5637aa3bcd9e302b0bc9e29c
                              • Opcode Fuzzy Hash: c2d1eccc1d6242f3886cdeff59d6554a535a1c355a477445070a0265adacc24a
                              • Instruction Fuzzy Hash: C9E01A74D04248EFCB14DF95D841AADFBB4EB48300F10C0AADC4563351DA36AA56EF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c2d1eccc1d6242f3886cdeff59d6554a535a1c355a477445070a0265adacc24a
                              • Instruction ID: 93fd1a6b2e2ee524f89af964cba1a25482cba8097437f57c55fa39e62fc05ac6
                              • Opcode Fuzzy Hash: c2d1eccc1d6242f3886cdeff59d6554a535a1c355a477445070a0265adacc24a
                              • Instruction Fuzzy Hash: 94E01A74D04248EFCB04DF95D840AACFBB5EB49304F20C0AADC4563352D636AA56EF90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 473bf3f9649d85a493c604be120e2318d8c5beb458b56fc1cbcca05352ebd7ac
                              • Instruction ID: 71ec5092a8bfbde451c277a0633e3b1b5d1bd87e673c3261521215657f864994
                              • Opcode Fuzzy Hash: 473bf3f9649d85a493c604be120e2318d8c5beb458b56fc1cbcca05352ebd7ac
                              • Instruction Fuzzy Hash: F7E04F34D05308DFCB04DFA5E54555CBBB5EB45301F1081AADC0563360EB356A49DB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d407f3c54404d80c605d825120434b27f6c4b1b269333cfa72afcedacee8814a
                              • Instruction ID: 1ca727a1cad4f9434a310734ae0e65f681742c350c67fcf02ba443fb52bed9e3
                              • Opcode Fuzzy Hash: d407f3c54404d80c605d825120434b27f6c4b1b269333cfa72afcedacee8814a
                              • Instruction Fuzzy Hash: F5E09A74D04208EFC744DF99D9816ACF7B4EB48304F1081EA9C0957351DA71AA46DF81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 751b5dea70c712312d278c2d7ad8a59ed0941f6ceaa1ac1dc9dad59284476468
                              • Instruction ID: ab48f2024eb115f3c837f3ba06089413f878560b3628bff664415b5448366761
                              • Opcode Fuzzy Hash: 751b5dea70c712312d278c2d7ad8a59ed0941f6ceaa1ac1dc9dad59284476468
                              • Instruction Fuzzy Hash: 84E0E674D0920CDFC704DF95D4455DDBB74EB44311F1081A9DD1563350D6706A55EF45
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 530dbcf8609060f00bcfc626bb2ad8a1eced12671748fe6107636b2f5777e8f7
                              • Instruction ID: 6a3a6448c4dc0a0d2202ae6421040ad710c3d9c2c2cde760c96299c7bc826545
                              • Opcode Fuzzy Hash: 530dbcf8609060f00bcfc626bb2ad8a1eced12671748fe6107636b2f5777e8f7
                              • Instruction Fuzzy Hash: B9E0EC74D45208EFCB14EFA5E9456EDFBB8EB4A301F1081AADD0463360DA306A95DF85
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2040112938e1bdbf196a12784142d54ce27aec34ad0723c48f8a34ae219668e1
                              • Instruction ID: 417f14532ded1a74bdc3718110c7a902770f83b1f83bfb7c4fbe1bdf43d2ac32
                              • Opcode Fuzzy Hash: 2040112938e1bdbf196a12784142d54ce27aec34ad0723c48f8a34ae219668e1
                              • Instruction Fuzzy Hash: C0E0E674D04208DFC714DFA5D4449ECBBB4EB49301F1081EADD4457351D6756A45DF51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: de38c2e745ba3f605c77074619062fe8e84cd75899a6a0de35c816c14d912650
                              • Instruction ID: 67fbc380f7e4bf1fe83efc3c09d3d441ec45d66c8435ce18d4791cbc6cc63d02
                              • Opcode Fuzzy Hash: de38c2e745ba3f605c77074619062fe8e84cd75899a6a0de35c816c14d912650
                              • Instruction Fuzzy Hash: 43D01730909208EBC704EBA4E9056AEBB78EB46302F5041A9A90923250DA702A59EE95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 312ef12c32635bac739909b3085db19d9d21f772bf5efb1e504273f3dce23fd7
                              • Instruction ID: 1573586438b3f4994a9642ed35ff261e2a440a8dfae4dc13b65071dff150b12f
                              • Opcode Fuzzy Hash: 312ef12c32635bac739909b3085db19d9d21f772bf5efb1e504273f3dce23fd7
                              • Instruction Fuzzy Hash: 57D05B70D0930CDBC704DFA4E809AEDBF74A746301F104196D94523350DB716955EFA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 63fd764abbe83ea5c9844e7205d9d066a28d3222ef8b2d64c65daf2ca73c5e5e
                              • Instruction ID: 1241a23721cd77d637d697528c28aa21a154d78acd50c6874ec13ce6d1eb4fe9
                              • Opcode Fuzzy Hash: 63fd764abbe83ea5c9844e7205d9d066a28d3222ef8b2d64c65daf2ca73c5e5e
                              • Instruction Fuzzy Hash: F6D0E236E01108CFCB00CBA4E0446ECF774EB89329F20842BC618A2210C73155498F90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: beb4132e51127e9d0e0c2f76b1fd887744b6a45faeb5d79c2d1b13af09eafb3b
                              • Instruction ID: fe560fe9d75399ae95c3d29ce1f4b734f84fb7d3d6b1cf880b475e75876ab395
                              • Opcode Fuzzy Hash: beb4132e51127e9d0e0c2f76b1fd887744b6a45faeb5d79c2d1b13af09eafb3b
                              • Instruction Fuzzy Hash: B3D05E70D15308DBCB04EFA8D801AAEBBB8DB05701F1050AACC4463350EA746E44DFA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fde2f92a7224be1485ef47dddcfa0869a1ba570f1822d48a6f6e560d3fdc7a0a
                              • Instruction ID: f968cf1cef74defc5c1de98b6fc83cbec99d1a77f568ecdd21fa2d996706b3a4
                              • Opcode Fuzzy Hash: fde2f92a7224be1485ef47dddcfa0869a1ba570f1822d48a6f6e560d3fdc7a0a
                              • Instruction Fuzzy Hash: 37D01738915208DFCB04EBE8D8066ACBB78AB05202F1042EB9C0463255EB706A58DF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1e2305fbeacd5c05efa1113323b237727d628e5ab255890f065eadcd015b234d
                              • Instruction ID: 7b9a9de846ae04558a42946616c4adfc955f5959796762fa91dbdee102fe68c3
                              • Opcode Fuzzy Hash: 1e2305fbeacd5c05efa1113323b237727d628e5ab255890f065eadcd015b234d
                              • Instruction Fuzzy Hash: 1BD05B70C15348DFC714DBB595046ECBB74AB06201F5004E9CC4466251EA766E55DF62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9d13a80c673427388d6f9cea6b2a29e67472bf55a76b88d11117973a97d2ca39
                              • Instruction ID: b1ee65314ac9aff1970024e5d03022a63e75bd4ff3a5f4402d90cfd7ffb9dc10
                              • Opcode Fuzzy Hash: 9d13a80c673427388d6f9cea6b2a29e67472bf55a76b88d11117973a97d2ca39
                              • Instruction Fuzzy Hash: 4FD05E70C19248EBDB14EFA5E8006FDBFB89B05201F1000EAC84423291EA756B85EF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b72e83b86a0b28215f071de85426a58fb1a8327700144a98826ab202b8ef18e0
                              • Instruction ID: 66d0bc16e07fea8b0b79946556014aab9c0084f63c8c662e323f4cdfb7fba9a4
                              • Opcode Fuzzy Hash: b72e83b86a0b28215f071de85426a58fb1a8327700144a98826ab202b8ef18e0
                              • Instruction Fuzzy Hash: DED05E30D15208DFC700FFA5D9056ADBBB8AB05601F1040AACC4863360EB306A59DF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6009b4c6414485019321175ac73ea89366ba1d444611503ae70b4b60134df252
                              • Instruction ID: 7b73a26147c35b464a261691eb025c9c09b739757453e27ccc3c64ace2f53454
                              • Opcode Fuzzy Hash: 6009b4c6414485019321175ac73ea89366ba1d444611503ae70b4b60134df252
                              • Instruction Fuzzy Hash: 0FD0A770406208DFC704DF52D904AA9732CD707602F00009A8808231219B712904EE54
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5ac7eb6dc683a2c743d016956aa484d89bdfa2685fa9cc0fd571679cab86b6ae
                              • Instruction ID: b17c20b74d361ba01cb4864a1db1a945361cfa0fe255631234e9a4e98a582285
                              • Opcode Fuzzy Hash: 5ac7eb6dc683a2c743d016956aa484d89bdfa2685fa9cc0fd571679cab86b6ae
                              • Instruction Fuzzy Hash: 8ED0A77040A348DFC314DB65C4046AD737C9B06605F50149EC90913260DA366A01DF51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 271a199d000e61e2b18825deee1d2d87d31b0bb7c4d5682b0933dc3babca40b2
                              • Instruction ID: b579be3d0bcf14cb2b82e7346eef7910b72ee35e035595a3e1923a230e7a0fda
                              • Opcode Fuzzy Hash: 271a199d000e61e2b18825deee1d2d87d31b0bb7c4d5682b0933dc3babca40b2
                              • Instruction Fuzzy Hash: 08D0A770405348DBC318DB61D805EEAB72CD706202F40509D990C532509BB12D40DE50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0addcd34629a7b8e8e47b4a140cadc9534915f941d68e8948c824bed235cc584
                              • Instruction ID: e37f8ffc7dd20c5838c1aa6e9f3d6ae89fb320ba6a643f9f50fbc4b302e396c5
                              • Opcode Fuzzy Hash: 0addcd34629a7b8e8e47b4a140cadc9534915f941d68e8948c824bed235cc584
                              • Instruction Fuzzy Hash: C5D0A7B0405308DFC304DB51DC04BAA776CDB06611F00109A8908231209EB12A14DE50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bb04944c96fc0de7a1bf0dad7c750e17ab23349373d3b6569670e119e3c9032e
                              • Instruction ID: d9f0e69a98464bf682d65566f086063873bc91d9cb36d91a9c38ccbbb06bb4ed
                              • Opcode Fuzzy Hash: bb04944c96fc0de7a1bf0dad7c750e17ab23349373d3b6569670e119e3c9032e
                              • Instruction Fuzzy Hash: 78D0A97084A30CDBC324DBA188007AEB32C9B06201F1000EA890A23220DAB6A904EFA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212523897.0000000000E82000.00000040.00000001.sdmp, Offset: 00E82000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c72703bbfa0665c6387aae001bb10b59c02e7b65a2691186b9efac3b075d7f33
                              • Instruction ID: c2bc2620543c9931b52495c192e139a857dbb5dc22e7941bb573236a7dbde27c
                              • Opcode Fuzzy Hash: c72703bbfa0665c6387aae001bb10b59c02e7b65a2691186b9efac3b075d7f33
                              • Instruction Fuzzy Hash: 57D05E79215A818FD3269A1CC1A8B953B94AB51B08F4644FEE8048B663C368D981E210
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f9a82d3defc43729c321962182c6d16cf3e62916f1fd70b16d11ac8bb1c9376c
                              • Instruction ID: 35365272d51045b1e6008e6d21bc8253fadf0513d6c4d0bf71c60085ee695240
                              • Opcode Fuzzy Hash: f9a82d3defc43729c321962182c6d16cf3e62916f1fd70b16d11ac8bb1c9376c
                              • Instruction Fuzzy Hash: 9FD0C936E01108CF8B10CFF9E4404DCF775EB8922AB20946BC518B3310C7329519CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212523897.0000000000E82000.00000040.00000001.sdmp, Offset: 00E82000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d7dd94acbd842c5484a3f337dfc390949d8b45bbfc07801990a4c48d34698de2
                              • Instruction ID: 55f14e538128a4f08846d0f6c6f3ecfcc9c859c1845d6f13ba460d15ca1eec72
                              • Opcode Fuzzy Hash: d7dd94acbd842c5484a3f337dfc390949d8b45bbfc07801990a4c48d34698de2
                              • Instruction Fuzzy Hash: 9ED05E342006828BC716EB0CC5A4F5937D4AB41B04F0654ECBD048B662C3A8DD81C600
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 61f095c3c209fd94b98e7a5a2a56107fdf3d57a0be818c448153c7692dc3c211
                              • Instruction ID: 64a67360f53fe8043640d6b2096f40cbfa8e5dba3bbb43426aa5929c709a953b
                              • Opcode Fuzzy Hash: 61f095c3c209fd94b98e7a5a2a56107fdf3d57a0be818c448153c7692dc3c211
                              • Instruction Fuzzy Hash: F9D01734A10109CBCB54DFA8E680A9C7FB0FB01304F218596DB05A22A4CB70698ADF61
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$>_?r$`5ar$f]?r
                              • API String ID: 0-3822966099
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$>_?r$`5ar$f]?r
                              • API String ID: 0-3822966099
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$>_?r$`5ar
                              • API String ID: 0-2519691439
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$>_?r$`5ar
                              • API String ID: 0-2519691439
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.212555748.0000000000E92000.00000040.00000001.sdmp, Offset: 00E92000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000001.00000002.219923193.0000000004F50000.00000040.00000001.sdmp, Offset: 04F50000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: r
                              • API String ID: 0-1812594589
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: >_?r
                              • API String ID: 0-2961507119
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • bind.WS2_32(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 0590268B
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: bind
                              • String ID:
                              • API String ID: 1187836755-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05901123
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: AdjustPrivilegesToken
                              • String ID:
                              • API String ID: 2874748243-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05901355
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: InformationQuerySystem
                              • String ID:
                              • API String ID: 3562636166-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • bind.WS2_32(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 0590268B
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: bind
                              • String ID:
                              • API String ID: 1187836755-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05901123
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: AdjustPrivilegesToken
                              • String ID:
                              • API String ID: 2874748243-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 016CAFEA
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: NameUser
                              • String ID:
                              • API String ID: 2645101109-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetSystemInfo.KERNELBASE(?), ref: 05900D98
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: InfoSystem
                              • String ID:
                              • API String ID: 31276548-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05901355
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: InformationQuerySystem
                              • String ID:
                              • API String ID: 3562636166-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: X1ar$X1ar$X1ar$X1ar
                              • API String ID: 0-346077691
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: X1ar$X1ar$X1ar
                              • API String ID: 0-2054406391
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$`5ar
                              • API String ID: 0-3512261011
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: $>_?r
                              • API String ID: 0-334426466
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: $g^r
                              • API String ID: 0-3653196314
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 05901556
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0590045E
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05900899
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 016CAAB1
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 0590297A
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FormatMessage
                              • String ID:
                              • API String ID: 1306739567-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetProcessTimes.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 059023FD
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: ProcessTimes
                              • String ID:
                              • API String ID: 1995159646-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNELBASE(?,?), ref: 0590019D
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 016CABB4
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileView
                              • String ID:
                              • API String ID: 3314676101-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 0590055C
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetUserNameW.ADVAPI32(?,00000E2C,?,?), ref: 016CAFEA
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: NameUser
                              • String ID:
                              • API String ID: 2645101109-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 016CA1C2
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: Startup
                              • String ID:
                              • API String ID: 724789610-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05900353
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 05900985
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileType
                              • String ID:
                              • API String ID: 3081899298-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • OpenFileMappingW.KERNELBASE(?,?), ref: 05901E9D
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileMappingOpen
                              • String ID:
                              • API String ID: 1680863896-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WSASocketW.WS2_32(?,?,?,?,?), ref: 0590160E
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: Socket
                              • String ID:
                              • API String ID: 38366605-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05900899
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileA.KERNELBASE(?,00000E2C), ref: 05900CEF
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • ReadFile.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 05900A51
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileRead
                              • String ID:
                              • API String ID: 2738559852-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 0590045E
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegSetValueExW.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 05900C10
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: Value
                              • String ID:
                              • API String ID: 3702945584-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 016CAAB1
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNELBASE(?,?), ref: 0590019D
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CopyFileW.KERNELBASE(?,?,?), ref: 05900B1E
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CopyFile
                              • String ID:
                              • API String ID: 1304948518-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateDirectoryW.KERNELBASE(?,?), ref: 0590079F
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CreateDirectory
                              • String ID:
                              • API String ID: 4241100979-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 016CABB4
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • OpenFileMappingW.KERNELBASE(?,?), ref: 05901E9D
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileMappingOpen
                              • String ID:
                              • API String ID: 1680863896-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 059011DC
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WSASocketW.WS2_32(?,?,?,?,?), ref: 0590160E
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: Socket
                              • String ID:
                              • API String ID: 38366605-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 05900264
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileView
                              • String ID:
                              • API String ID: 3314676101-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • K32EnumProcesses.KERNEL32(?,?,?,B9C75BA2,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05901296
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: EnumProcesses
                              • String ID:
                              • API String ID: 84517404-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegSetValueExW.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 05900C10
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: Value
                              • String ID:
                              • API String ID: 3702945584-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 0590055C
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05900F06
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: LookupPrivilegeValue
                              • String ID:
                              • API String ID: 3899507212-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetProcessTimes.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 059023FD
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: ProcessTimes
                              • String ID:
                              • API String ID: 1995159646-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CA58A
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SendMessageW.USER32(?,?,?,?), ref: 016CB841
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileA.KERNELBASE(?,00000E2C), ref: 05900CEF
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 05900353
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • ReadFile.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 05900A51
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileRead
                              • String ID:
                              • API String ID: 2738559852-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 016CBBB9
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DispatchMessageW.USER32(?), ref: 016CBE70
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateIconFromResourceEx.USER32 ref: 016CB78A
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: CreateFromIconResource
                              • String ID:
                              • API String ID: 3668623891-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetSystemInfo.KERNELBASE(?), ref: 05900D98
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: InfoSystem
                              • String ID:
                              • API String ID: 31276548-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileW.KERNELBASE(?), ref: 016CBF0C
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05900F06
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: LookupPrivilegeValue
                              • String ID:
                              • API String ID: 3899507212-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CopyFileW.KERNELBASE(?,?,?), ref: 05900B1E
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CopyFile
                              • String ID:
                              • API String ID: 1304948518-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNELBASE(?,00000E2C,B9C75BA2,00000000,00000000,00000000,00000000), ref: 05900985
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FileType
                              • String ID:
                              • API String ID: 3081899298-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateDirectoryW.KERNELBASE(?,?), ref: 0590079F
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: CreateDirectory
                              • String ID:
                              • API String ID: 4241100979-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: closesocket
                              • String ID:
                              • API String ID: 2781271927-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • K32EnumProcesses.KERNEL32(?,?,?,B9C75BA2,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05901296
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: EnumProcesses
                              • String ID:
                              • API String ID: 84517404-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetWindowLongW.USER32(?,?,?), ref: 016CA926
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FormatMessageW.KERNELBASE(?,00000E2C,?,?), ref: 0590297A
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: FormatMessage
                              • String ID:
                              • API String ID: 1306739567-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WSAStartup.WS2_32(?,00000E2C,?,?), ref: 016CA1C2
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: Startup
                              • String ID:
                              • API String ID: 724789610-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileW.KERNELBASE(?), ref: 016CBF0C
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016CA58A
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateIconFromResourceEx.USER32 ref: 016CB78A
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: CreateFromIconResource
                              • String ID:
                              • API String ID: 3668623891-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 059011DC
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,?,?), ref: 05901556
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 05900264
                              Memory Dump Source
                              • Source File: 00000009.00000002.486267343.0000000005900000.00000040.00000001.sdmp, Offset: 05900000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 016CBBB9
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: closesocket
                              • String ID:
                              • API String ID: 2781271927-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SendMessageW.USER32(?,?,?,?), ref: 016CB841
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: MessageSend
                              • String ID:
                              • API String ID: 3850602802-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetWindowLongW.USER32(?,?,?), ref: 016CA926
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetErrorMode.KERNELBASE(?), ref: 016CA3A4
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: ErrorMode
                              • String ID:
                              • API String ID: 2340568224-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DispatchMessageW.USER32(?), ref: 016CBE70
                              Memory Dump Source
                              • Source File: 00000009.00000002.476012906.00000000016CA000.00000040.00000001.sdmp, Offset: 016CA000, based on PE: false
                              Similarity
                              • API ID: DispatchMessage
                              • String ID:
                              • API String ID: 2061451462-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: r*+
                              • API String ID: 0-3221063712
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: $g^r
                              • API String ID: 0-3653196314
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: $g^r
                              • API String ID: 0-3653196314
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: r*+
                              • API String ID: 0-3221063712
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: l_r
                              • API String ID: 0-1875860616
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: P
                              • API String ID: 0-3110715001
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: Hu_r
                              • API String ID: 0-2935379198
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: X1ar
                              • API String ID: 0-3367582976
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: Hu_r
                              • API String ID: 0-2935379198
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: Hu_r
                              • API String ID: 0-2935379198
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: l_r
                              • API String ID: 0-1875860616
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: l_r
                              • API String ID: 0-1875860616
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c8324768b520f5ee018d5df88713c7e61c99512577b90d5e26180df36dbf15f5
                              • Instruction ID: 8e71a8fa351a03745f1cfc89993223d42f50f2a55ac888a78ecafb21e234c98f
                              • Opcode Fuzzy Hash: c8324768b520f5ee018d5df88713c7e61c99512577b90d5e26180df36dbf15f5
                              • Instruction Fuzzy Hash: E731F535A24209DFDF04DFA4C9418EDBBB7BF88700B06046AE506AF261DB719D84CB51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 566feef6b4209bb15396b85e97fe00aa1b89e4b5e6ed18e60dfa8f95df38ab53
                              • Instruction ID: f14cc464684c4f974d9e840dc846dc781fc98cef741b94184d2e182e9153553c
                              • Opcode Fuzzy Hash: 566feef6b4209bb15396b85e97fe00aa1b89e4b5e6ed18e60dfa8f95df38ab53
                              • Instruction Fuzzy Hash: E421B971F2011A9FDB14EA99DC42AFFB3BDEBC4200F54413AD619D3240EBB099448761
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f8f29bf097990fde03180c51e39486220a3793dd2ca8ac8c60471c5a5466c149
                              • Instruction ID: 2b802ec7cc4a764cecb482a4cd9dd07f365b37a5785fd6cf745c386606658a31
                              • Opcode Fuzzy Hash: f8f29bf097990fde03180c51e39486220a3793dd2ca8ac8c60471c5a5466c149
                              • Instruction Fuzzy Hash: CF318E70B10205CFCB14DFA9C585AAEBBF6FF88200F50442DE506A7750EB71D882CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f39bd42235a62b600a3bb1c6ce8f2e48e6a94ee5d888d6a1decc607288625c86
                              • Instruction ID: 25357020d05b25160f3e73ccd7ffa971615c42a18b643a8a685e4d340c24452c
                              • Opcode Fuzzy Hash: f39bd42235a62b600a3bb1c6ce8f2e48e6a94ee5d888d6a1decc607288625c86
                              • Instruction Fuzzy Hash: 0B315930A1E3C2DFC706DB74CC654583FB5BE43204719889FD481CB2A6EAB99886CB53
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e90ac5cd17c063d1f8cf2a65057008c5fc2e565b9b013d281ff23027cd714b3f
                              • Instruction ID: 56b97afc68cdc3f6fd0b72a79fc1643471f95e735d3143c7fbf011a38f7dd64a
                              • Opcode Fuzzy Hash: e90ac5cd17c063d1f8cf2a65057008c5fc2e565b9b013d281ff23027cd714b3f
                              • Instruction Fuzzy Hash: 6D319230A20325CFDB18EFF9D8556AEBBF2EB88700B94E52AC40697344DF7498818B51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e1b89db48394b2492709fbc6a5b09d66045afde849a25b98a5e5acea7ce0d425
                              • Instruction ID: 8f1cb83a8265a3acdada0d57d3da8315cb6448093bad016e089eb666dd660a25
                              • Opcode Fuzzy Hash: e1b89db48394b2492709fbc6a5b09d66045afde849a25b98a5e5acea7ce0d425
                              • Instruction Fuzzy Hash: CF310D35E102098FCB14DFB9C4515AEB7F2EFC4310B54856AC816AB354EB75AD46CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 096d6a76241729c917c88bae699b8fb8c76d47b14bad5276bb8929c28a13da4e
                              • Instruction ID: 3ee8baa4ded60434d2295124b326deb3de2e699083d16997731c18c6210bb282
                              • Opcode Fuzzy Hash: 096d6a76241729c917c88bae699b8fb8c76d47b14bad5276bb8929c28a13da4e
                              • Instruction Fuzzy Hash: 5131B13092924DDFDB16CFB4C5526AD7FF0FF01704F6444EAC5429B2A1DAB58A81CB92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5bd50f553bd14c37f8ca5e126edc7286997b12bab46ecf53433c108308b770e6
                              • Instruction ID: e46df0388840955c98dcb08e46f36bc7b103ff82cf092e095bee92436b134a9a
                              • Opcode Fuzzy Hash: 5bd50f553bd14c37f8ca5e126edc7286997b12bab46ecf53433c108308b770e6
                              • Instruction Fuzzy Hash: 9C219E74A20309CFDF04DFA9C8156AEBBF6AFC9304F904429C506AF355EBB49985CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1d51489f1aa9a0ce282354f8d9f564ac5a215d1fc7fee63d968850349bf9c30e
                              • Instruction ID: 0a1459ffaec7b7b926ba0d24dff38b2935dc5832f15f772f3d5ac34f806939fa
                              • Opcode Fuzzy Hash: 1d51489f1aa9a0ce282354f8d9f564ac5a215d1fc7fee63d968850349bf9c30e
                              • Instruction Fuzzy Hash: 9C3108317407018FC655AB7CC86056A7BA3BFC47187A49A2CD2869B794DEB6E903CB84
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f8608a78f1f21478742744498c6019dc070bd4b1f018847a516751a89145bed3
                              • Instruction ID: 8b34568f5ae2209744cae9e1d130db4ef71b5b66df6670f6eaaa56949a60e5ff
                              • Opcode Fuzzy Hash: f8608a78f1f21478742744498c6019dc070bd4b1f018847a516751a89145bed3
                              • Instruction Fuzzy Hash: 3E31CD35A10105CFCB14EF68DC448ED7BF2FF85304354A2AAE4029B368DB79AC65CB41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d0cc32df4e5d56b4b3178424d8cbca8fc456d4d6cf220caeced99ae0198c6b11
                              • Instruction ID: 9c6a10d340aa5766a513dc35fa654bce3980fa820aca494f534d89b1d8cf6931
                              • Opcode Fuzzy Hash: d0cc32df4e5d56b4b3178424d8cbca8fc456d4d6cf220caeced99ae0198c6b11
                              • Instruction Fuzzy Hash: 8031E035A10105CFCB04EF69DC448ED7BF2FF85304354A2AAE5029B368EB79AC65CB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ae4952cdd93be798301d8346ea370bb20efc3fa702f5ca116e13a1bc2d0e3ab1
                              • Instruction ID: 126c118a66f9bcd2d6b3512a5b9585d61b7ef7347023e21e3d9343d2a6d0441a
                              • Opcode Fuzzy Hash: ae4952cdd93be798301d8346ea370bb20efc3fa702f5ca116e13a1bc2d0e3ab1
                              • Instruction Fuzzy Hash: FA21B530B60205DBDB149F78C4557EDBAE6AB88714F28006AE502EB3D0DEB18D818791
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2eed356fd492ae4bd72fe488aea61fa97d8e172fdeb22d9c811ca4a4da95932a
                              • Instruction ID: 6970705462523be37b0fc400567b584502724473cc1f6facff1b94792a2dd1b6
                              • Opcode Fuzzy Hash: 2eed356fd492ae4bd72fe488aea61fa97d8e172fdeb22d9c811ca4a4da95932a
                              • Instruction Fuzzy Hash: 91316F31B24200CFEB48EB79E95546E3FA3EBC4621395856AE046CB391EFB98D41CB51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2d0ffe65c1d2a5241164aba8fec10248ce7fa902fff58145abc1f8955677b35d
                              • Instruction ID: 8a811901d75b20dc1018112cd9f56a06459c5f2da6024aa3c9601957f52304b6
                              • Opcode Fuzzy Hash: 2d0ffe65c1d2a5241164aba8fec10248ce7fa902fff58145abc1f8955677b35d
                              • Instruction Fuzzy Hash: 5B318E30B20301CBD718EB38E9651AD3FE3EB85358794966ED5068B344DFB59C46DB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 252bf6344fafa1b6951310010606cf12a2f44e74d906b7099a2a1e7ba887ad91
                              • Instruction ID: a02d31a32749b258fce5d8e85787b0ec81bf14756f747688f498f73218925961
                              • Opcode Fuzzy Hash: 252bf6344fafa1b6951310010606cf12a2f44e74d906b7099a2a1e7ba887ad91
                              • Instruction Fuzzy Hash: DA217470B202069BCB14EFB4D8515AEB7B6FF88700B50896DD502AB280EB71A85187A4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a58e4bb60f5f31812cc4281521b2684319aa28921eb4341e01131f8cca3e7eb5
                              • Instruction ID: d3aecf1e2779012bd633b96e9e8d436cb459b619c67e291c0206f2356bac659d
                              • Opcode Fuzzy Hash: a58e4bb60f5f31812cc4281521b2684319aa28921eb4341e01131f8cca3e7eb5
                              • Instruction Fuzzy Hash: 1B21F5757302049FCB08EBB998518BE7BEADFC62187A0043ED5029F751EDF18C8087A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b3a965f9e4bbfad7bfd36016de06f72a5c6aed43520e6e96841c84f360e50e74
                              • Instruction ID: cd2e802cdece731a0dcdb4e7cb2239dfb42d13d45622ff90d1f175e21b3a52c0
                              • Opcode Fuzzy Hash: b3a965f9e4bbfad7bfd36016de06f72a5c6aed43520e6e96841c84f360e50e74
                              • Instruction Fuzzy Hash: E4317C34710301CBD718AB38D9640AD3FE3FB86258390966EE1068B344EFB99C46CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4b6dbd704ca55138697584eed874c0e2a36dfe3e211d74dca43bd6012c590cf6
                              • Instruction ID: 26fdf1a4973aa3d36218e06a3896e8cdcab6de95bceb24c29d101a35152bc5d0
                              • Opcode Fuzzy Hash: 4b6dbd704ca55138697584eed874c0e2a36dfe3e211d74dca43bd6012c590cf6
                              • Instruction Fuzzy Hash: 7121A431239200CFC704FB76E8529B93BA6FBC1B113D0956BD5068B644EFBC5C828792
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4c0f594fc32391d7c8a954a2e2f6a6d09c1ebbe12c66afd42dce91bb9328a775
                              • Instruction ID: f7dd9a53639ee5e5526bb9eca0c8c4634caa6d31e17007a2ba9fbe229dd33bab
                              • Opcode Fuzzy Hash: 4c0f594fc32391d7c8a954a2e2f6a6d09c1ebbe12c66afd42dce91bb9328a775
                              • Instruction Fuzzy Hash: AF310B70D2830EDFCB94EFA4C5466BDBBF5FB45304F50886AC403A7254D6B59A81CB52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3641fcc32e1fca91cafad17d72808d9b0e6e958006b357a1a6dfbc0a9b904228
                              • Instruction ID: 387fafdd794c71be9dfe6ee09c791319b2acce4307a1da6b3e7127a5c359b09c
                              • Opcode Fuzzy Hash: 3641fcc32e1fca91cafad17d72808d9b0e6e958006b357a1a6dfbc0a9b904228
                              • Instruction Fuzzy Hash: 1131AA74A2424ACFEB20DF65C54125EFBF2FF84714F68D569D005AB290EBB494CACB81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a69871eec607cc975ea27c09aaef024ef9700652b6bc3be1bd3f722c2ac84951
                              • Instruction ID: 58d10ec542a0adf308a70bd9d560ffb1605854e48c2e88ba376070e9793a7c49
                              • Opcode Fuzzy Hash: a69871eec607cc975ea27c09aaef024ef9700652b6bc3be1bd3f722c2ac84951
                              • Instruction Fuzzy Hash: 88317870E21346CFDB60EF66D84125ABBE6FF84314F58E66AC0069B358DBB49489CF41
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 19e686eb035dffa302e617d38bac974b6d2c37292f93052627a619809ea032bb
                              • Instruction ID: dccd1772b8a662cfa618d1dd6695c01716808fdb0cb0f3b0abe00e23620ef5a9
                              • Opcode Fuzzy Hash: 19e686eb035dffa302e617d38bac974b6d2c37292f93052627a619809ea032bb
                              • Instruction Fuzzy Hash: 9B21E4B6E142268FDB04CB99D8854AEFBF2FF8C300B14812AE456E3350D735AD55CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d7275f18a7c6a6dc5405dc8ad9932a68baaf694a8af50716d6550e1be28dcd51
                              • Instruction ID: 958f0c14bf30a1443697d95f8a15c1fbba5dcedfcfb496c4eb5db8cd1cc8ae3a
                              • Opcode Fuzzy Hash: d7275f18a7c6a6dc5405dc8ad9932a68baaf694a8af50716d6550e1be28dcd51
                              • Instruction Fuzzy Hash: 8911B232E242108FCF16EA6994015FEB7A6AFDA210F44407EE9169B250DEB59C85CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8a369ef3172d1c7a3410eb6ab07966631cb75290040a91793713be77ed580a5e
                              • Instruction ID: 9afa78a6a5aba2225102329b79f553dbaa2fabad45260cb41d4b1a8fece6472e
                              • Opcode Fuzzy Hash: 8a369ef3172d1c7a3410eb6ab07966631cb75290040a91793713be77ed580a5e
                              • Instruction Fuzzy Hash: A511B1357302149BCB08E7BA985197FB6EAAFCA218BA0453E95079B755EDF1CC8043A0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3bc5df3686c8a9b7ff689f951d7b1741c33f533153dd6146f79dda68005300dc
                              • Instruction ID: 5e4b0a1baa2d23845602f7fd2635ffb07658e63c1a374658d050774f56eba151
                              • Opcode Fuzzy Hash: 3bc5df3686c8a9b7ff689f951d7b1741c33f533153dd6146f79dda68005300dc
                              • Instruction Fuzzy Hash: DC219671A212058FCB19EF78EC556EE7BF2EB8A348F60506BC111CB250EB359942CF81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c314c182abfc00b063c677b7549c540e909974fa88eaf2290f48d317e7610e13
                              • Instruction ID: 0583ca0e4a6eee40c1c5d13eaee0f7c08037d97cc01e0e384df605234ac4a168
                              • Opcode Fuzzy Hash: c314c182abfc00b063c677b7549c540e909974fa88eaf2290f48d317e7610e13
                              • Instruction Fuzzy Hash: CB210E70E2830EDFCB54EFA4C5466BDBBB9FB44304F54445AC403A7254D6B59E80CB52
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 33c2dd93e95c18e0d9a9962945222a5b9b3f29d0eb7ce8510bbc349d8f9366f4
                              • Instruction ID: 24745326a01e13ca1a5563d04e7fe612f47a75e6843f45a7c69642867df88843
                              • Opcode Fuzzy Hash: 33c2dd93e95c18e0d9a9962945222a5b9b3f29d0eb7ce8510bbc349d8f9366f4
                              • Instruction Fuzzy Hash: D5218E70A34205CFCB08DF74D9426BE7BB1EB86348BB0402BD5019A280EB758C92CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3593110a4dddff6f750415ad6c5638cb0253c9d42010d6821d2f164721289872
                              • Instruction ID: 5473024a39b40ab76000482343d643d7152d0391d32688577265870d368c9d9c
                              • Opcode Fuzzy Hash: 3593110a4dddff6f750415ad6c5638cb0253c9d42010d6821d2f164721289872
                              • Instruction Fuzzy Hash: 8B21A572A20115CFCB54DF98C556ABEB7F5EF88310B96806ED40AE7200D771AD82CBD2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1afdafe5f33d4f7b9b823e8bc165c54cd5f8fc94ab96b28c7ca16a8ac9af35f3
                              • Instruction ID: fb8028f84012fc129edf80e18ae53da00e837fb6ed39e4912b94e895d67c3047
                              • Opcode Fuzzy Hash: 1afdafe5f33d4f7b9b823e8bc165c54cd5f8fc94ab96b28c7ca16a8ac9af35f3
                              • Instruction Fuzzy Hash: F411B431B30211CFCB44EFB8C8512AE7BE5EB8A215BA4457AD906EB740EF749D418BD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ebfa824fa097ae439f03791c4810c081c0ce5a84a0f7fe33d6b2da5ace49d090
                              • Instruction ID: 8bb1d7409da7b3f7049846b62864e7460badff24df2eabfd28d39ce923a370e3
                              • Opcode Fuzzy Hash: ebfa824fa097ae439f03791c4810c081c0ce5a84a0f7fe33d6b2da5ace49d090
                              • Instruction Fuzzy Hash: DA115B71D203499FDF01CFA4C8156DEBBF2AF8A314F604429C509AF251E7B4998ACF81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4d45b8b10c78ce01bb9c86f51853377b78093e15e1d5594b58f0204f0bd4190e
                              • Instruction ID: 527ede5807c866027a09e8a3c8fb6eb67a5583d49d6527232d471d2128efe037
                              • Opcode Fuzzy Hash: 4d45b8b10c78ce01bb9c86f51853377b78093e15e1d5594b58f0204f0bd4190e
                              • Instruction Fuzzy Hash: D3F0C235A38649DF8702DB75C8428ABBFF4FF8261076040A7D541CB211E2719841CB99
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5fbed583e95efd0eade43baf97d098871701419d1de6d71d4149fe31d6f5e47c
                              • Instruction ID: c8dbd8b6ecb7b33013e8bd5adfc80543b88f6a172fe513915bb1c7e9f1e027fc
                              • Opcode Fuzzy Hash: 5fbed583e95efd0eade43baf97d098871701419d1de6d71d4149fe31d6f5e47c
                              • Instruction Fuzzy Hash: 60F0AF30324200CBCB04EB78DA194697FE7EBC862035441BEE90AD7354EFB19C468795
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 544783c6198207a7e84d2d2ab22528c6cda4e5992b3b4472500582044fbd844f
                              • Instruction ID: c86fa418469c6a7d188d60e36958ae87eaad23b8cee75c381c87c2e700d9d849
                              • Opcode Fuzzy Hash: 544783c6198207a7e84d2d2ab22528c6cda4e5992b3b4472500582044fbd844f
                              • Instruction Fuzzy Hash: B3F0E932B34215D7CB34D669A8121BFBBE597D5650F800477C90B93340EA645A8146D2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c449dbc8ae06c1df813771160604253564b10cbfced3726fe53fcca002590a35
                              • Instruction ID: 343d7581dc64cc3c0a0684eff5bdd21ffea4e247d661ba9c24ed0d2fa5de8694
                              • Opcode Fuzzy Hash: c449dbc8ae06c1df813771160604253564b10cbfced3726fe53fcca002590a35
                              • Instruction Fuzzy Hash: 49F0B430F102559BDB00EBB4DC91AEE7B66EBC4704F1484AADE01AB285EFB4DD4183B5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ec0e5fbcfd88d2a17bffd6fad8554bb4c9820c6fe7059cc17629858195f3496a
                              • Instruction ID: e4dc368f1ffd9fb3c4d50b62d8ab4355cbed1cd9c38c8c3386e5f83bf3896222
                              • Opcode Fuzzy Hash: ec0e5fbcfd88d2a17bffd6fad8554bb4c9820c6fe7059cc17629858195f3496a
                              • Instruction Fuzzy Hash: 02F027727193A12B835AA1AC5C1162F3A9F8BC192039901ABE446DB351DE515C4183E6
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 12914b1b94451845e6946ef76ad54c536ca7f4265948eaa75f876a8a0284baab
                              • Instruction ID: 35a7260ae6386294587c13aa92a29f47ea30371381eb270ae9e43bdff5f7be09
                              • Opcode Fuzzy Hash: 12914b1b94451845e6946ef76ad54c536ca7f4265948eaa75f876a8a0284baab
                              • Instruction Fuzzy Hash: 88F0C231718241CFE705D76899121AC3FA2ABC5225358896FD10ADB381DE76D8468741
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 494a43928bec1442d9780ddc7a9846a9ea17599ceead9f1f567fc2d03d31319a
                              • Instruction ID: d74df52a4a19af394fb3c5d374309a87a57ff8aed7a932cec1cc8a07d9f94793
                              • Opcode Fuzzy Hash: 494a43928bec1442d9780ddc7a9846a9ea17599ceead9f1f567fc2d03d31319a
                              • Instruction Fuzzy Hash: 01F027352652A18BC712D62C9C218AB7FAADFC2514385849FD85ACB302DE739D06C390
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b2b747ced557f13e6684b3fcf46dabe659f00939bfa09864b15e53f3dd05880a
                              • Instruction ID: 8185f4c49019849a59fd593c0ca96bff1ff7dc1db2ecba88ff763449567c7c7c
                              • Opcode Fuzzy Hash: b2b747ced557f13e6684b3fcf46dabe659f00939bfa09864b15e53f3dd05880a
                              • Instruction Fuzzy Hash: 53F0E532A153185FCF039978E8045EBBBEAFF85234F14047EDA08E7240FE62941286E0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 346a838e5929e60c3bb06b0a477f7f497e3a768853d59d8e7a60b8082d7144f0
                              • Instruction ID: 47bc65eeb2a39091644e9626436146f67949647b2501e4acf6dc6036cd04c669
                              • Opcode Fuzzy Hash: 346a838e5929e60c3bb06b0a477f7f497e3a768853d59d8e7a60b8082d7144f0
                              • Instruction Fuzzy Hash: 28F02762E3C3604BF731C298688A3A26F866744220F4B01F6E94ACB193E5B40CC0D3F3
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2abc464c274ec61597e2d72b90b4f31b8996b28e04f27ffa0e95a58640e7e85e
                              • Instruction ID: 2a3bc210c347e4b1d64c266b5ffaf5c3bf059ab0d4221264ba9ef66d932be953
                              • Opcode Fuzzy Hash: 2abc464c274ec61597e2d72b90b4f31b8996b28e04f27ffa0e95a58640e7e85e
                              • Instruction Fuzzy Hash: 20E0E532E35258DA9B209DFB9C425AFBBA9D7C5A50F80C5279A07A3340DAF058874292
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 09d37dec40866db12cef6c8b57462447a2b44c9fa411d09ea9a0cbb987085eb1
                              • Instruction ID: 5a71dc4e82c67790ccdfe7ff85407a86e2227aedb98b95593c39e50a161f8e5c
                              • Opcode Fuzzy Hash: 09d37dec40866db12cef6c8b57462447a2b44c9fa411d09ea9a0cbb987085eb1
                              • Instruction Fuzzy Hash: 3EF0BE30E4136A9FCB51DBB89C01AAABBF8EF86310F1441BED508D7252E6345904C7A1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 960c960b59a083d07d673582d12d38a2c14cdab59fc406531167c08999e0492b
                              • Instruction ID: 0c87d87266a3b01ced2230c2f6b549eec8569c48d64efe0d92b8397f7a3329c2
                              • Opcode Fuzzy Hash: 960c960b59a083d07d673582d12d38a2c14cdab59fc406531167c08999e0492b
                              • Instruction Fuzzy Hash: 0EF055322693809FCB13E17564013B533A88BC7254FD000BFC501CF251E9B5088283C0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ef85a153d556d12adfac33c25f4633361e151dfc10ec7e72adbe110bbe756eac
                              • Instruction ID: a0f794c02a3070dcf6f1f0c04bed32386d367292e201d47a6e7d7e2d96df6639
                              • Opcode Fuzzy Hash: ef85a153d556d12adfac33c25f4633361e151dfc10ec7e72adbe110bbe756eac
                              • Instruction Fuzzy Hash: 24E0EC76B06B004BC320DB5AA801453F7EAEDC06223088B3FD168C2901C77156054764
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477669116.0000000003320000.00000040.00000040.sdmp, Offset: 03320000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                              • Instruction ID: 280d9fed6fde6489497fcde781bf789c7265497519c056158ecf6d83d44b73ef
                              • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                              • Instruction Fuzzy Hash: F7F03135104644DFC305DF00D980B16FBA6FB89718F24CAADE9890B762C337D817DA81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6a52d14ce5382c362816a0587413c7493f37f57f92164728af1115d00f77b693
                              • Instruction ID: 379d538b171e4aa08f1aa568cb9a0b29174e9c29a8b3cd214de8838da83df2e1
                              • Opcode Fuzzy Hash: 6a52d14ce5382c362816a0587413c7493f37f57f92164728af1115d00f77b693
                              • Instruction Fuzzy Hash: C7E022326206218FC321E668DA326BD37AADFC4624394886FC40ECF750EE72DC42C780
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 11fb4bccee7680d10b62b065b4fe0b8539b0f533711d475925ac0be9c010f7f7
                              • Instruction ID: ff6bea1a680d3c64efab58be13a6a6479a63cceefaa71ac772e665c2ed93dae1
                              • Opcode Fuzzy Hash: 11fb4bccee7680d10b62b065b4fe0b8539b0f533711d475925ac0be9c010f7f7
                              • Instruction Fuzzy Hash: 16F0A031714200CBA708E66CE81146D7BB7EBC5225398893EE10ACB344DFB2EC468785
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 52781bdd4243b43419714ca72c239fde8605d76f3280055442ba4f126e306ce7
                              • Instruction ID: ccde3ef33e7befff4aeedb41fd30b5f820fd3fcb7d2bcf517126f027af73cc06
                              • Opcode Fuzzy Hash: 52781bdd4243b43419714ca72c239fde8605d76f3280055442ba4f126e306ce7
                              • Instruction Fuzzy Hash: 4EF0A030D35254DBD764DEBA88466BFBBA5AB81740F81C5279903A3241CAF458978681
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 84aa390bb72ddea8bf68865dd6cf7cf863879aa1f8607616fc507826c1689daa
                              • Instruction ID: dd112edfbc25b3eba11806850efcbea8ce6e45843a652964cf059aa9e4a37f35
                              • Opcode Fuzzy Hash: 84aa390bb72ddea8bf68865dd6cf7cf863879aa1f8607616fc507826c1689daa
                              • Instruction Fuzzy Hash: A7E022227392E1CF8A2592BA40608BE3B669ECA06032A40EBD6429B251CE904C81C362
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ce54bd8ef74cb52b418ac98b3d35ce9c4d40a7148d219df2c5bcb3a4e0b4d9ca
                              • Instruction ID: 94d7c6bb31d3ca873827a10c951662a42c010fae62f70f78463abbb65b176493
                              • Opcode Fuzzy Hash: ce54bd8ef74cb52b418ac98b3d35ce9c4d40a7148d219df2c5bcb3a4e0b4d9ca
                              • Instruction Fuzzy Hash: D8E06534B112659BDF54F3F998223DE678A5FC0518FD45838C606CF781EFA04D418792
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 169a28b8f5a927ca9d8575dbe3ceab0e9028766dce540df07b0794626742aa97
                              • Instruction ID: 687537996173fbe2acd67141db80ffeeb97261025c66b84b14ad2efe18b3e2f8
                              • Opcode Fuzzy Hash: 169a28b8f5a927ca9d8575dbe3ceab0e9028766dce540df07b0794626742aa97
                              • Instruction Fuzzy Hash: F9F0A734B34204CBDB08EBB8E8122ED77A59F85108BB05427D1069A180FF748C918792
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 91f02e7c4c8406945718de610af7a96dd6296d3fc7b4d52de74ddb8135ca071a
                              • Instruction ID: d1e65787d8b5bde4d3aee43f4707c803ca2515d06ff1921b82f8fbac544d7819
                              • Opcode Fuzzy Hash: 91f02e7c4c8406945718de610af7a96dd6296d3fc7b4d52de74ddb8135ca071a
                              • Instruction Fuzzy Hash: 89F06732608B508FC321DF69E580812F7F5EF856203058E9AD1EA87A61CA70B8088B21
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e93036a2db32a33cbeae5de6d91be19cee44fc373281c862615e5456ecf450ed
                              • Instruction ID: dbd873e893ddd7055b05b40ce3582bc2a7384620ef4266305348970987bce850
                              • Opcode Fuzzy Hash: e93036a2db32a33cbeae5de6d91be19cee44fc373281c862615e5456ecf450ed
                              • Instruction Fuzzy Hash: FEE02B36E212118FCF659FB4E90616437F2DF4857230941ABD846D3340DE358C418F81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477669116.0000000003320000.00000040.00000040.sdmp, Offset: 03320000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e3859d8cfb37036e035fa091ddd6edcf1bdb23be15e67bab1833e3f59a5ffff8
                              • Instruction ID: 13308e97a11d6935e6f66a037d21dd3ed3107cb9a3b4ec06f2c38890ef23a22d
                              • Opcode Fuzzy Hash: e3859d8cfb37036e035fa091ddd6edcf1bdb23be15e67bab1833e3f59a5ffff8
                              • Instruction Fuzzy Hash: 85E092766006008BD650CF0BFC41462FBD8EB88630B58C07FDC0D9B700E13AB904CEA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cf8c4bdcb2165f9b28838c3e67a77376026d0989d33cc6498e2e97a417780463
                              • Instruction ID: 74e0eb4f55f32a9cd7e533ab4ef2f721a65cd0df4a79641689808c17288cf752
                              • Opcode Fuzzy Hash: cf8c4bdcb2165f9b28838c3e67a77376026d0989d33cc6498e2e97a417780463
                              • Instruction Fuzzy Hash: A1F05535A182608FCB4367B481161583FF18F8B24132400EAD11ACB362ED364C428B91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.476095371.00000000016D2000.00000040.00000001.sdmp, Offset: 016D2000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f08ce945592bd53fc182d521481e3651632af5c2f59054444151f64e596d2496
                              • Instruction ID: e99daf367e4d2c219e70cda3a8c6ff955c8c6608a1e90dafa6a5eb856a3bf042
                              • Opcode Fuzzy Hash: f08ce945592bd53fc182d521481e3651632af5c2f59054444151f64e596d2496
                              • Instruction Fuzzy Hash: E0E0D8725013046BD2108E0BEC41F63FB58EB40A30F54C557EE0C2B701D176B5048AF5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: c9f29a568b59aca817935b9267feb40ca696593f316ba39a811c8d02a4d5c2d5
                              • Instruction ID: ecfc34c4e61bf34af30bd1c76164145fd8409ed0096ae54e34a026ee86fbe8af
                              • Opcode Fuzzy Hash: c9f29a568b59aca817935b9267feb40ca696593f316ba39a811c8d02a4d5c2d5
                              • Instruction Fuzzy Hash: F3E0D8323201114B8610D65CD83146A77AADBC5664354846ED40E8B340DE72EC018790
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 02adeb7f3c986a654f23e991dc0a20056f72e7dd5a9679d51da706a8020fc441
                              • Instruction ID: 647e11fd51a8e60179e81f07ae4f8e8f1c742c88557b5fba24e27c5356767d31
                              • Opcode Fuzzy Hash: 02adeb7f3c986a654f23e991dc0a20056f72e7dd5a9679d51da706a8020fc441
                              • Instruction Fuzzy Hash: 0DE02036330111478710DA6CDC1186E7B9EDFC1624395842EC40ECB300DE73DC0287D0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0e1eba9ed84e450cc40bcc94e9f1a074cffd46e1bc986b742ea4197c4f6e73cd
                              • Instruction ID: 67971715854e90c8f08d835e4cf048f2f6ee88752954dd30cda09b7682f0ea5f
                              • Opcode Fuzzy Hash: 0e1eba9ed84e450cc40bcc94e9f1a074cffd46e1bc986b742ea4197c4f6e73cd
                              • Instruction Fuzzy Hash: 3DE06D38638041CFDA08CB45C8A363E7AA16F84B04F94841EC017AF280CFE259C28B51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 902c2e2a8c3970522071caa19563b7135b86d66599d6668225d260d50e50c5da
                              • Instruction ID: 5272592e3254b001d49d5b8b96c8db00018c76a202d2f0c3c66e115f3594401d
                              • Opcode Fuzzy Hash: 902c2e2a8c3970522071caa19563b7135b86d66599d6668225d260d50e50c5da
                              • Instruction Fuzzy Hash: D1E02231F202228BCBA4ABBCA8151257BEBD78CAA0325406AED06D3304DE708C008FC2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 93f3d67eb18bd050fe639d22b70f7bea0ee7aa82052ad6c23943292d2584a221
                              • Instruction ID: 87ace0fe8810d0a218dce59700d8410e58e2fc5af295b9e70c049047ea70c779
                              • Opcode Fuzzy Hash: 93f3d67eb18bd050fe639d22b70f7bea0ee7aa82052ad6c23943292d2584a221
                              • Instruction Fuzzy Hash: A3E07D3507FB44CBD324C63085038E63B29DA037233870997D0878B940D77199C18790
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false

                              Non-executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: ,:ar$0`r$:@:r$X1ar
                              • API String ID: 0-2614842347
                              • Opcode ID: 9d232e8d1abe179d4380604d84104439bb8cd29bb9d4f55af6e86c06a2ebaed2
                              • Instruction ID: a14a64163c00ccb814d14c539d712db25666374ad9a1afa485c2a1ece6453fea
                              • Opcode Fuzzy Hash: 9d232e8d1abe179d4380604d84104439bb8cd29bb9d4f55af6e86c06a2ebaed2
                              • Instruction Fuzzy Hash: BDB19670A08344CFD3A8DF788560BAABBE2FB95704F10596EE5498B394EF759C45CB02
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: U$X1ar$X1ar$X1ar
                              • API String ID: 0-4157258986
                              • Opcode ID: 759f304b5db03e6bda270c0febabb7f4a4d7c3860e26895fd9a69b0055a8024b
                              • Instruction ID: da990b499d7f6dbeeb60cbe275adf368469299816226709e9bd661ebac625f45
                              • Opcode Fuzzy Hash: 759f304b5db03e6bda270c0febabb7f4a4d7c3860e26895fd9a69b0055a8024b
                              • Instruction Fuzzy Hash: E501E530B153459FC704FFB8992226E3BAA9BC15007A8449F840A8F281CE719C419392
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 00000009.00000002.477522051.00000000032E0000.00000040.00000001.sdmp, Offset: 032E0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: U$X1ar$X1ar$X1ar
                              • API String ID: 0-4157258986
                              • Opcode ID: 1187dbe99820866aeca31f1bc9bd587e5e1de25b15f787486af39b1b0a273444
                              • Instruction ID: 649eff3e0ff177e27bb4d0ada409e0927c64c903bdaea3356e6aede0c4fa3f27
                              • Opcode Fuzzy Hash: 1187dbe99820866aeca31f1bc9bd587e5e1de25b15f787486af39b1b0a273444
                              • Instruction Fuzzy Hash: 58F0E5313153A29BC700AFBD98121AF7BD69FC6644759409FE84A9B381EB70AC518BD2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Executed Functions

                              Strings
                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$X1ar
                              • API String ID: 0-3821969665
                              • Opcode ID: 47ee5e517735691a8dc2b47ce498ac9cb469f59cfcfdd881bcc3ab169d4bf27d
                              • Instruction ID: a12979850581437d760bc65632be898e49bc052b591c31b02378489c32ebf0a3
                              • Opcode Fuzzy Hash: 47ee5e517735691a8dc2b47ce498ac9cb469f59cfcfdd881bcc3ab169d4bf27d
                              • Instruction Fuzzy Hash: 6281D674E002089FDB18DFA9D951B9EBFF2BF88304F20816AE504AB3A5EB755945CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$X1ar
                              • API String ID: 0-3821969665
                              • Opcode ID: eabae3e4d1fe8db4f31328f3d2a1641f3834222985bb9d32ea3c0164d6f0a0ca
                              • Instruction ID: e80217a1d5cc7ce50c390bce78f6a08ae9d05de2ede61d530cb830e8e7554fec
                              • Opcode Fuzzy Hash: eabae3e4d1fe8db4f31328f3d2a1641f3834222985bb9d32ea3c0164d6f0a0ca
                              • Instruction Fuzzy Hash: FF619474E002189FDB18DFAAC951B9EFBF2BF88304F208129E508AB395EB755945CF50
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05BA0B97
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: AdjustPrivilegesToken
                              • String ID:
                              • API String ID: 2874748243-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05BA1249
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: InformationQuerySystem
                              • String ID:
                              • API String ID: 3562636166-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05BA0B97
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: AdjustPrivilegesToken
                              • String ID:
                              • API String ID: 2874748243-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 05BA1249
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: InformationQuerySystem
                              • String ID:
                              • API String ID: 3562636166-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r$`5ar
                              • API String ID: 0-3512261011
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05BA086F
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B0ABD5
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTokenInformation.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 00B0BB10
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: InformationToken
                              • String ID:
                              • API String ID: 4114910276-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05BA05B5
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 00B0ACD8
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNELBASE(?,?), ref: 00B0BA11
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 05BA0EDC
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05BA01DB
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: OpenPolicy
                              • String ID:
                              • API String ID: 2030686058-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05BA086F
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 05BA06A1
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: FileType
                              • String ID:
                              • API String ID: 3081899298-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileW.KERNELBASE(?), ref: 05BA0954
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 05BA05B5
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WriteFile.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 05BA076D
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: FileWrite
                              • String ID:
                              • API String ID: 3934441357-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00B0ABD5
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: Open
                              • String ID:
                              • API String ID: 71445658-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05BA04DE
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: FileNameTemp
                              • String ID:
                              • API String ID: 745986568-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateMutexW.KERNELBASE(?,?), ref: 00B0BA11
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: CreateMutex
                              • String ID:
                              • API String ID: 1964310414-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LsaOpenPolicy.ADVAPI32(?,00000E2C), ref: 05BA01DB
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: OpenPolicy
                              • String ID:
                              • API String ID: 2030686058-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTokenInformation.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 00B0BB10
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: InformationToken
                              • String ID:
                              • API String ID: 4114910276-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RegQueryValueExW.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 00B0ACD8
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: QueryValue
                              • String ID:
                              • API String ID: 3660427363-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • K32EnumProcesses.KERNEL32(?,?,?,EA0BAE34,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05BA0D0A
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: EnumProcesses
                              • String ID:
                              • API String ID: 84517404-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00B0B2E1
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadShim
                              • String ID:
                              • API String ID: 1475914169-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 05BA1041
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B0A61A
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • TerminateProcess.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 05BA0EDC
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: ProcessTerminate
                              • String ID:
                              • API String ID: 560597551-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • WriteFile.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 05BA076D
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: FileWrite
                              • String ID:
                              • API String ID: 3934441357-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetErrorMode.KERNELBASE(?), ref: 00B0A6CC
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: ErrorMode
                              • String ID:
                              • API String ID: 2340568224-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 00B0A32C
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetFileType.KERNELBASE(?,00000E2C,EA0BAE34,00000000,00000000,00000000,00000000), ref: 05BA06A1
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: FileType
                              • String ID:
                              • API String ID: 3081899298-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • K32EnumProcesses.KERNEL32(?,?,?,EA0BAE34,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05BA0D0A
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: EnumProcesses
                              • String ID:
                              • API String ID: 84517404-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DeleteFileW.KERNELBASE(?), ref: 05BA0954
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: DeleteFile
                              • String ID:
                              • API String ID: 4033686569-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetTempFileNameW.KERNELBASE(?,00000E2C,?,?), ref: 05BA04DE
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: FileNameTemp
                              • String ID:
                              • API String ID: 745986568-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00B0B2E1
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: LibraryLoadShim
                              • String ID:
                              • API String ID: 1475914169-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B0A61A
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: DuplicateHandle
                              • String ID:
                              • API String ID: 3793708945-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • FindCloseChangeNotification.KERNELBASE(?), ref: 00B0A32C
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: ChangeCloseFindNotification
                              • String ID:
                              • API String ID: 2591292051-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • PostMessageW.USER32(?,?,?,?), ref: 05BA1041
                              Memory Dump Source
                              • Source File: 0000000A.00000002.301195433.0000000005BA0000.00000040.00000001.sdmp, Offset: 05BA0000, based on PE: false
                              Similarity
                              • API ID: MessagePost
                              • String ID:
                              • API String ID: 410705778-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: LongWindow
                              • String ID:
                              • API String ID: 1378638983-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetErrorMode.KERNELBASE(?), ref: 00B0A6CC
                              Memory Dump Source
                              • Source File: 0000000A.00000002.265307798.0000000000B0A000.00000040.00000001.sdmp, Offset: 00B0A000, based on PE: false
                              Similarity
                              • API ID: ErrorMode
                              • String ID:
                              • API String ID: 2340568224-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r
                              • API String ID: 0-1441432688
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: :@:r
                              • API String ID: 0-1441432688
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: #
                              • API String ID: 0-1885708031
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: e5742de267158db80cbe98b3bf7827d9acff20ad649240eb8298efe35d8ce204
                              • Instruction ID: 0c7076c7e865782752c1b4dfeadefb20377c6d93da708d09699957c49ca25085
                              • Opcode Fuzzy Hash: e5742de267158db80cbe98b3bf7827d9acff20ad649240eb8298efe35d8ce204
                              • Instruction Fuzzy Hash: F3119376644304BFD6108F0AEC41E67FFE8EB88670F14C56AFD085B211E276B9148AA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cacb618262e965590995f6eb99c89bbab173cc83f3f352bf7ad79e6e9c435c45
                              • Instruction ID: 819fd7d17fead848d69ead1484c018edba71f861f4ffc3e20eb6ba887f90b6ca
                              • Opcode Fuzzy Hash: cacb618262e965590995f6eb99c89bbab173cc83f3f352bf7ad79e6e9c435c45
                              • Instruction Fuzzy Hash: EA213930940209DFCB04EFA4D956AAEBBB1FF85300F5085A9D805A73A1CF305E55CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a68bae09ca129049fd81b95a316a034c438c74c51752fa56e7731fb747e8808f
                              • Instruction ID: 749af6ad71ac54247b8da7db33a57909a2ead6bc22d657e46b6c2ef2db45e225
                              • Opcode Fuzzy Hash: a68bae09ca129049fd81b95a316a034c438c74c51752fa56e7731fb747e8808f
                              • Instruction Fuzzy Hash: 07215EB550D380AFD702CF15DC51957BFF4EF86620F0989DEF9889B252D235A908CB62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b38b0b5e6cbad49e7b5cdd7fa907ec68c1af2b343c2f8f411b79cb264054a145
                              • Instruction ID: 419293ac79af961bf9e75b4ce076cf6b300b1f350e22f13c3d1611ff68411fdc
                              • Opcode Fuzzy Hash: b38b0b5e6cbad49e7b5cdd7fa907ec68c1af2b343c2f8f411b79cb264054a145
                              • Instruction Fuzzy Hash: A011C672640204BFD6108E0AEC45E63FFA8EB84A30F18C56BFE095B201D276B9148BB5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b268cf0c71d6e024a29c72488744f74677fcb4746f44940115272245a36f1a60
                              • Instruction ID: 5726bca002298c32f9f12b8168c9d4a48307cb5c06b3a3806df6b5cfafaeacbf
                              • Opcode Fuzzy Hash: b268cf0c71d6e024a29c72488744f74677fcb4746f44940115272245a36f1a60
                              • Instruction Fuzzy Hash: 56213534E40209DBCB04EFA8D989AEEBBB1FF88300F5045A9D90167394DF305E55DB95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.270126530.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a6ac4b1131e269fa6b5a52c2aaa07d36410873b001e71b448242a75cd613e0a5
                              • Instruction ID: 016bd91ee5d5b27db99d88fd9aaaf34b32ed39e8783856321c6679e3454b2eef
                              • Opcode Fuzzy Hash: a6ac4b1131e269fa6b5a52c2aaa07d36410873b001e71b448242a75cd613e0a5
                              • Instruction Fuzzy Hash: CC217C315093C09FC7079B20C860B55BFB1AF47304F1985EED4899B6A3C33A8806CF62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.270126530.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0e8f6337f89d134043f6a98d6eabc73bb746644bfe146e366a351d841ecfc5a7
                              • Instruction ID: ccea3c467271a0321d5dfac9961c1d1d98f15c1f85a2182ac57991384df3a686
                              • Opcode Fuzzy Hash: 0e8f6337f89d134043f6a98d6eabc73bb746644bfe146e366a351d841ecfc5a7
                              • Instruction Fuzzy Hash: C911B134204284EFD715CB24C994B26BBE5EB89B08F24C9ADE9491B753C77BD803CE51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 4f4e2f9085beb181bd8e9194def9a7e5017898bada2ba45b76babb3c2e713d28
                              • Instruction ID: eebb46431618b881f6a7b13e673dbe218526d29322173e6d858a804e71adab38
                              • Opcode Fuzzy Hash: 4f4e2f9085beb181bd8e9194def9a7e5017898bada2ba45b76babb3c2e713d28
                              • Instruction Fuzzy Hash: 0D215E30A0124ECFCB04EBA8D9555DDBFB5FF44304B5081AAD901A73A5EF715E49CB92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 40d683b079b2afd65c7f7ec080cbfab53dc5cc1584f3d2ff79556b9ebd16cf34
                              • Instruction ID: 0ec751a29f225cc6bfd32ce3a3d21c51655a88de5803e92413d9317521121ea1
                              • Opcode Fuzzy Hash: 40d683b079b2afd65c7f7ec080cbfab53dc5cc1584f3d2ff79556b9ebd16cf34
                              • Instruction Fuzzy Hash: BC11E9B5A08301AFD340CF19D881A5BFBE4FB88660F04892EF998D7311D375E9048FA2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 719af68eb072fff01791a5c349868d26aa66d251c14c8f275df5f7883e492751
                              • Instruction ID: 4a37ac5777f28dcaad5c8408ca362803073a6bb102e8f25f85f98c0ed4d85e7b
                              • Opcode Fuzzy Hash: 719af68eb072fff01791a5c349868d26aa66d251c14c8f275df5f7883e492751
                              • Instruction Fuzzy Hash: 7101D47150E3C06FD7134B269C55AA3BFB8DF43660F1884CBEA889F193D2566909C7B2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 41e44b06fee18878326f0a1ce99c1cbb600d47b217fa383306bea79c4226a40a
                              • Instruction ID: a34471f0afd0663b8e3b95349eba7893dbf206e6bae51d78dec2a7f7d548d860
                              • Opcode Fuzzy Hash: 41e44b06fee18878326f0a1ce99c1cbb600d47b217fa383306bea79c4226a40a
                              • Instruction Fuzzy Hash: 03111C30A0110ECBCB04EBA8D9455DDBBB5FB84308B5081B9D901A73A5EF715E49CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1762fb3e5c760322888ef71ecfd5b956b3e51b269cc841aaae6347b6a7a43def
                              • Instruction ID: 9600e6786c388c53dbda239f71ef4e96b63f5db7a7484450ea601aa17577183c
                              • Opcode Fuzzy Hash: 1762fb3e5c760322888ef71ecfd5b956b3e51b269cc841aaae6347b6a7a43def
                              • Instruction Fuzzy Hash: 8E017C7482E3C4DFCB06DB7098605997FB5AF4B205B1981EBD840CB2A3D6350D1ACB62
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.270126530.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cd47ff255e9aaa332c8e33bc68bdcddb00d393ed9a6703447d7e6e419b7f7a21
                              • Instruction ID: 52b516e3238a9839aabbfc68c13d0a9320039552890c5652e1962357521f9cea
                              • Opcode Fuzzy Hash: cd47ff255e9aaa332c8e33bc68bdcddb00d393ed9a6703447d7e6e419b7f7a21
                              • Instruction Fuzzy Hash: 4201A9B65097806FD7128F16EC40863FFB8DF8A620709C49FED898B612D225A905CB76
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 57317383e6e2d99eedb6247c44d2a43829c3f93fabe5035d6b77c1d0d31dabbd
                              • Instruction ID: 485ee2e9dd3c3f20f01ba009606d36279bb963c49054f9b1ff232714fe3fac9a
                              • Opcode Fuzzy Hash: 57317383e6e2d99eedb6247c44d2a43829c3f93fabe5035d6b77c1d0d31dabbd
                              • Instruction Fuzzy Hash: 00F0CD2094A2489FC308D7B08860EEF7BB78FCA200FA498A9800027296CE345E05E699
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 325f24427034ee5fadf07a166ec3e8cfb77f1dac734c9ebf0ecb48cb9eb9f1f4
                              • Instruction ID: 64c3035196e35d18edf0f92e651a2dc6ebcb83910acb2410fac3257a6a1f051a
                              • Opcode Fuzzy Hash: 325f24427034ee5fadf07a166ec3e8cfb77f1dac734c9ebf0ecb48cb9eb9f1f4
                              • Instruction Fuzzy Hash: 0D012874D09388DFCB06DFA4C891AAEBFB5EF41314F10869AC425BB292DB341A04CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 48ec2eacb74cdc5f7dc0ccdd6228c4d9bd58cf65e9101074de3d7685c62ce848
                              • Instruction ID: e074a8bf26abb7abdeb62c1e3f7b6527f7346399e58a311ca5921c808353cde5
                              • Opcode Fuzzy Hash: 48ec2eacb74cdc5f7dc0ccdd6228c4d9bd58cf65e9101074de3d7685c62ce848
                              • Instruction Fuzzy Hash: 25018CB0901248DFDB04EF94C298A9DBBB5EB06305F1482D4D408A7361C730D981CF56
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1edb74b14825fca44a63b50745a344e8112143ee82bdd3e94b6ea1563ab8edcf
                              • Instruction ID: f1ddb7493e14df066b2902c664200f85585e44cbdb5625080318509e6126f887
                              • Opcode Fuzzy Hash: 1edb74b14825fca44a63b50745a344e8112143ee82bdd3e94b6ea1563ab8edcf
                              • Instruction Fuzzy Hash: 6BF04FB0905248DFDB14EF94D298A9DFBB5FB06305F1482D5D408A7361C770D981DF56
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: bafe6ff8a3721395da5f8ee8020f966a1ccf38d9846b802acb05839f59b8310e
                              • Instruction ID: e9ba58ca341245862a452ab2d24ddaa912b7fd1b5e3f3b5ec3343c97b9197596
                              • Opcode Fuzzy Hash: bafe6ff8a3721395da5f8ee8020f966a1ccf38d9846b802acb05839f59b8310e
                              • Instruction Fuzzy Hash: 09F06D70D0524CAFD704DFA4CC05AAEBFB5AF46300F1094AAD800A33A1CB306A95CF95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3cedd8c0b2f56cb68b69aac9147415257b73a39519ec6a931c0e9d98c5a8f5c8
                              • Instruction ID: 3a0727e6c90d73390b7953f014d723e2e5afd45c0a258334f61e52cbcd8ffa6a
                              • Opcode Fuzzy Hash: 3cedd8c0b2f56cb68b69aac9147415257b73a39519ec6a931c0e9d98c5a8f5c8
                              • Instruction Fuzzy Hash: ABF08C70D012499BEB68AFB8C8557EFBBF4EB49704F10192AC001B3380DA7559088BE4
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 54c5c24c3e89c252133cc0ceb097b920bc2e31c329400d9ccf3d78a1259a6199
                              • Instruction ID: 1356a1e67264e739ff3fc04c5ccfe2bbd668638b74ec127d3469cdd152cef58d
                              • Opcode Fuzzy Hash: 54c5c24c3e89c252133cc0ceb097b920bc2e31c329400d9ccf3d78a1259a6199
                              • Instruction Fuzzy Hash: 33013C78909248DFCB00DBA8C94499DBBF0FB05300F5486DAE804A7351D770AE55CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: becab40bf93666342cf6bda813f69ab97db457fb2d7acaffb9bd9ba3c0152536
                              • Instruction ID: 72bf600232957e91a18d6ea1d82f8742da3a284668dc8be6af84e3390b4f5246
                              • Opcode Fuzzy Hash: becab40bf93666342cf6bda813f69ab97db457fb2d7acaffb9bd9ba3c0152536
                              • Instruction Fuzzy Hash: 3FF03A74C06348DFC705DFB8C8045ADBFB1EB46201F508AAAC440A33A2DB759A15CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 5f76f4d7c15d5c5b71040459c572e7e6213649ac3b58d63c8ca0f4862d491a21
                              • Instruction ID: ce97f7be4fd2b970203413dc8b698bd40e46b6dff4cc11f1bc39fa4b97fd0ddb
                              • Opcode Fuzzy Hash: 5f76f4d7c15d5c5b71040459c572e7e6213649ac3b58d63c8ca0f4862d491a21
                              • Instruction Fuzzy Hash: ACF01C30A42208DBD708DBF5C540EEFB3BBDFD9204F909C98800123284CE756E05A998
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d6172ea73c53aa80b9baae4cf741fa724b017a0f81fad7a8e1647920ff454f8f
                              • Instruction ID: 09a89bbbd9d3eeb3174897021e29cfe768b8c7d4f44fff3fa0d6fe8e50196887
                              • Opcode Fuzzy Hash: d6172ea73c53aa80b9baae4cf741fa724b017a0f81fad7a8e1647920ff454f8f
                              • Instruction Fuzzy Hash: E5F0F974D04209DFCB04DFE9D841AAEBBB4AB44304F10866A9424B7390DB301A00DFD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.270126530.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                              • Instruction ID: 0ba5f26c23e2356757b4fd47d6ee6d2666babaab86ad8f44257aa2615ec3d120
                              • Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
                              • Instruction Fuzzy Hash: 05F01D35108644DFC705CF40D980B15FBA2EB89718F24C6ADE9490B752C337D813DE81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2a2713b9baa14b2a1fcd28dfee37ef3e30664cd1d166a2d7139efa3c6147a04d
                              • Instruction ID: 6b6b87305fad8bcef32e0fe09fe982c24f5cd6f729d4f9fcb986e1c2fc790f6c
                              • Opcode Fuzzy Hash: 2a2713b9baa14b2a1fcd28dfee37ef3e30664cd1d166a2d7139efa3c6147a04d
                              • Instruction Fuzzy Hash: 1701D674900259CFEB28EF65EA94B9CBBB1FB09305F1085A5DA09E7354DB309D80DF60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 86c38174dcfc210605a92ab724db93ebb4d77af8d03019935a3d887fcb7fa523
                              • Instruction ID: 0f9022c6a5f1516fe2feddab783f70ac748b1928fadb8a89ee27e9535d2b7ceb
                              • Opcode Fuzzy Hash: 86c38174dcfc210605a92ab724db93ebb4d77af8d03019935a3d887fcb7fa523
                              • Instruction Fuzzy Hash: F3F0A03480D348DFCB05EBA899525ADBFB5AB46300F1081EAD844D33A2D6755959CB82
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.269995059.0000000002680000.00000040.00000001.sdmp, Offset: 02680000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0bb7d97b3ecf28fc3e9c14e466d3ce1fa74274d5acb7619f563df0dbf660d8c5
                              • Instruction ID: 333d4c8043604d25e9b6c75f007dd953432612fcc48284933d729a712e29a782
                              • Opcode Fuzzy Hash: 0bb7d97b3ecf28fc3e9c14e466d3ce1fa74274d5acb7619f563df0dbf660d8c5
                              • Instruction Fuzzy Hash: 54F0D478D05209EFDB18EFA6E9486BDBBB9FB48301F1085AAD905A3344DB345A01DF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.270126530.00000000026A0000.00000040.00000040.sdmp, Offset: 026A0000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9b336e29122f2cb9a386ffdd2d89268935844bff198057ec2b72397bb85eb98a
                              • Instruction ID: 6c342638a400aced12b5bf37ad3743e877865fa0f7889c06999990b89f9a1bd4
                              • Opcode Fuzzy Hash: 9b336e29122f2cb9a386ffdd2d89268935844bff198057ec2b72397bb85eb98a
                              • Instruction Fuzzy Hash: 14E092766006008BD650CF0BEC41452F7D8EB88630B18C07FDD0D8B700E239F504CEA5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 798726a1509bd80b5bfde1bdcf2651bc44ea228c1d89bf15cb2eff541566bcbc
                              • Instruction ID: 0b007303847f6d6d4f86681a2b214c78250d2397890c43d965a2888bb7e21501
                              • Opcode Fuzzy Hash: 798726a1509bd80b5bfde1bdcf2651bc44ea228c1d89bf15cb2eff541566bcbc
                              • Instruction Fuzzy Hash: 6BE0D87264130067D2108F069C46F53FB98DB54A30F18C56BEE081B301E1B5B5048AF5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000A.00000002.265385749.0000000000B12000.00000040.00000001.sdmp, Offset: 00B12000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 1d3a17de732fe814a04bb6ee34e494b6aa1dee49ee83ca645568346f5400acc8
                              • Instruction ID: a1b114f243c9c54de650984c32e0c8ee146c2fceb09823d471d1bf5eaf75e43d
                              • Opcode Fuzzy Hash: 1d3a17de732fe814a04bb6ee34e494b6aa1dee49ee83ca645568346f5400acc8
                              Non-executed Functions

                              Executed Functions

                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: InfoSystem
                              • String ID:
                              • API String ID: 31276548-0
                              • Opcode ID: b69e931bf98429934dfd570108ec55a7680cdf477ff75923e5f3f04b7e1e7776
                              • Instruction ID: 11cef11357ee9c4eb0cc585aad40c1b4bf1628556028d5c1fa6b4391755c2147
                              • Opcode Fuzzy Hash: b69e931bf98429934dfd570108ec55a7680cdf477ff75923e5f3f04b7e1e7776
                              • Instruction Fuzzy Hash: 1541BA75E002199FCB14CFA9D4287EEBBF4EF88318F00846AD905A7740DB759916CBE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(00000000,?,?,?,?,?,?), ref: 045EE112
                              Memory Dump Source
                              • Source File: 0000000B.00000002.438136888.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: 790f624da1683b9cddaf483e3ac41d3310775f0f0073c004871a55133cdf0571
                              • Instruction ID: ee362665f4385cc4cb7ca812c7b351ec6144d808b3f20cef81371179016a756a
                              • Opcode Fuzzy Hash: 790f624da1683b9cddaf483e3ac41d3310775f0f0073c004871a55133cdf0571
                              • Instruction Fuzzy Hash: EA41C371A042099FDB14DF99D845BAEFFF5FB48314F048169EA04AB381C775A940CBE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 029A7F92
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: AuthzCodeIdentifyLevel
                              • String ID:
                              • API String ID: 1431151113-0
                              • Opcode ID: 28230a94872a4626de81fc37b78237b062f58027fb7d92b11cba01bfefcc652e
                              • Instruction ID: 9f457c0535f7e8c8f869709b4ed0d1ba6678088cb7d24a630bacf0ae60aaefad
                              • Opcode Fuzzy Hash: 28230a94872a4626de81fc37b78237b062f58027fb7d92b11cba01bfefcc652e
                              • Instruction Fuzzy Hash: 0F41F570900269CFEB24CF99C995BDEBBB5BB48304F0085EAD50DA7240D7759E89CFA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • IdentifyCodeAuthzLevelW.ADVAPI32(00000001,?,?,00000000), ref: 029A7F92
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: AuthzCodeIdentifyLevel
                              • String ID:
                              • API String ID: 1431151113-0
                              • Opcode ID: c39604a0b261bd4567c5b3ce2477c10f48962e86d4d7a8debd032e4c610b6b43
                              • Instruction ID: 4a53f50d1690321e9a1c029840cc2d11c6070f826c75ecc739b5def3f0c9ec75
                              • Opcode Fuzzy Hash: c39604a0b261bd4567c5b3ce2477c10f48962e86d4d7a8debd032e4c610b6b43
                              • Instruction Fuzzy Hash: E4411470901269CFEB24CF99C995BDEBBB5BB48304F1085EAD40DA7240D7719A89CFA0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448589576.0000000007780000.00000040.00000001.sdmp, Offset: 07780000, based on PE: false
                              Similarity
                              • API ID: ConsoleCtrlHandler
                              • String ID:
                              • API String ID: 1513847179-0
                              • Opcode ID: f28e82c53fa57f9bb852bb5cb4ce8e27ae4498def58310b0aefc66f2380e90b6
                              • Instruction ID: 5d69b626bfd22723e80e2bba4d05cf1b53ddb0824aed13f595aeeafd7cdb49f2
                              • Opcode Fuzzy Hash: f28e82c53fa57f9bb852bb5cb4ce8e27ae4498def58310b0aefc66f2380e90b6
                              • Instruction Fuzzy Hash: 5C31DEB19042498FCB10DFA9C8087EEBFF5AF85310F15846AD459E7381DB389945CBA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetConsoleCtrlHandler.KERNELBASE(00000000,?), ref: 07787EE3
                              Memory Dump Source
                              • Source File: 0000000B.00000002.448589576.0000000007780000.00000040.00000001.sdmp, Offset: 07780000, based on PE: false
                              Similarity
                              • API ID: ConsoleCtrlHandler
                              • String ID:
                              • API String ID: 1513847179-0
                              • Opcode ID: cffc2ff936baf72bc9f81d506919199da22293f8a2aff8842069fe4aca9e9f11
                              • Instruction ID: 2b96a18bb799b69dc6f54f095af2b10f86b0e497477bf4d74e2b677a2df0316f
                              • Opcode Fuzzy Hash: cffc2ff936baf72bc9f81d506919199da22293f8a2aff8842069fe4aca9e9f11
                              • Instruction Fuzzy Hash: A52191B2D102098FCB54DF99C8487EEBBF1FF89314F158429D419A3741DB38A946CBA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetConsoleCtrlHandler.KERNELBASE(00000000,?), ref: 07787EE3
                              Memory Dump Source
                              • Source File: 0000000B.00000002.448589576.0000000007780000.00000040.00000001.sdmp, Offset: 07780000, based on PE: false
                              Similarity
                              • API ID: ConsoleCtrlHandler
                              • String ID:
                              • API String ID: 1513847179-0
                              • Opcode ID: f20fc258e0c167ca6e16b3a8cd064d705bbe890e53080d458cd439a164720153
                              • Instruction ID: 19472d887149097b74eaa780fc404e7e9b3c09bd3cecccdf788230a2c2ac152d
                              • Opcode Fuzzy Hash: f20fc258e0c167ca6e16b3a8cd064d705bbe890e53080d458cd439a164720153
                              • Instruction Fuzzy Hash: 512160B1D002198FCB14DFA9C848BEEBBF5AF89314F158429D459A3740DB78A945CFA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • SetConsoleCtrlHandler.KERNELBASE(00000000,?), ref: 07787EE3
                              Memory Dump Source
                              • Source File: 0000000B.00000002.448589576.0000000007780000.00000040.00000001.sdmp, Offset: 07780000, based on PE: false
                              Similarity
                              • API ID: ConsoleCtrlHandler
                              • String ID:
                              • API String ID: 1513847179-0
                              • Opcode ID: b5d7eb3a422a779e48d56132e5a81d015e4cc10e2ea1683e3f85b2508f6d64ff
                              • Instruction ID: 919317392da1594ba44d0eabc637f76532863305421fc23f8d9433d404aa20dc
                              • Opcode Fuzzy Hash: b5d7eb3a422a779e48d56132e5a81d015e4cc10e2ea1683e3f85b2508f6d64ff
                              • Instruction Fuzzy Hash: 0C216DB1D002198FCB54DF99C8487EFBBF5AF89324F158429D419A3740DB38A945CFA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • CreateFileW.KERNELBASE(00000000,?,?,?,?,?,?), ref: 045EE112
                              Memory Dump Source
                              • Source File: 0000000B.00000002.438136888.00000000045E0000.00000040.00000001.sdmp, Offset: 045E0000, based on PE: false
                              Similarity
                              • API ID: CreateFile
                              • String ID:
                              • API String ID: 823142352-0
                              • Opcode ID: 7e6bd46b18585e8efee5d3db1dc0d595fb2e5efaf8cfe828682077a8439b120b
                              • Instruction ID: 2155f2ed70c6d4c65a9a26cba6330a104ca49fcb5fdc0159883f84e0089d1172
                              • Opcode Fuzzy Hash: 7e6bd46b18585e8efee5d3db1dc0d595fb2e5efaf8cfe828682077a8439b120b
                              • Instruction Fuzzy Hash: 9E2123B5900259AFCF14CF9AD885AEEFBB4FB09320F04811AE918A7210C775A954DFE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 029AA646
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: AccessAuthzCodeComputeFromLevelToken
                              • String ID:
                              • API String ID: 132034935-0
                              • Opcode ID: b6684ffe16b21db56de7079e4f5285d9f590a872bcd05a01f227833ef1049c74
                              • Instruction ID: abbfc4fc4f473fa2dcad29439b9d42a9b97c15df64a5026d15958fd1023dc42e
                              • Opcode Fuzzy Hash: b6684ffe16b21db56de7079e4f5285d9f590a872bcd05a01f227833ef1049c74
                              • Instruction Fuzzy Hash: D22127B19003499FCB10CF9AC884BDEBBF4FB49324F148429E929A7340D774A945CFA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • ComputeAccessTokenFromCodeAuthzLevel.ADVAPI32(?,00000000,?,?,?), ref: 029AA646
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: AccessAuthzCodeComputeFromLevelToken
                              • String ID:
                              • API String ID: 132034935-0
                              • Opcode ID: 5b9d619bb36a5b312327895465d86060646239b4c92c111036a697bcbfcdefc1
                              • Instruction ID: d75069b3ff92ebc73a0b38b4102b9b7c99c402db0a37e449568412c336df863f
                              • Opcode Fuzzy Hash: 5b9d619bb36a5b312327895465d86060646239b4c92c111036a697bcbfcdefc1
                              • Instruction Fuzzy Hash: 642138B19002499FCB10CFA9C884BEEBBF1FF49314F148429E568A7351C335A956CFA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: InfoSystem
                              • String ID:
                              • API String ID: 31276548-0
                              • Opcode ID: 820cf6d367ebc887d9404eaecf3d84858790516d34158f13273fb3fe7a5f73b8
                              • Instruction ID: 3d3661623bc648e27101c85cf348ce3e629b25d4a8a12d35dd0e475f4cce4af1
                              • Opcode Fuzzy Hash: 820cf6d367ebc887d9404eaecf3d84858790516d34158f13273fb3fe7a5f73b8
                              • Instruction Fuzzy Hash: 7911F0B1D002599FCB10CFAAD4947DEFBB4BF49224F10825AD818A3340C7756A46CFE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              Memory Dump Source
                              • Source File: 0000000B.00000002.434510239.00000000029A0000.00000040.00000001.sdmp, Offset: 029A0000, based on PE: false
                              Similarity
                              • API ID: InfoSystem
                              • String ID:
                              • API String ID: 31276548-0
                              • Opcode ID: e2a02ed7736065e71f10e255cffb9effb49970bf231d3ab3ef14fde86ae6ebbc
                              • Instruction ID: 0ca41ae0746e7c8da37e495b770a569b24e8e0449626b2b38a5eedf272849cbb
                              • Opcode Fuzzy Hash: e2a02ed7736065e71f10e255cffb9effb49970bf231d3ab3ef14fde86ae6ebbc
                              • Instruction Fuzzy Hash: F411E0B1D002599BCB10CF9AD454BDEFBF4FB49224F10811AD818A3340C775A945CFE1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Strings
                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID: ]j
                              • API String ID: 0-2112577400
                              • Opcode ID: bc5737f596c1446bbf43a69d32b5e5c2c9b504d8afb9579079f97bda723df13b
                              • Instruction ID: 3c89ee610ab7bd11b6092132216391e58831a3f0c32f209f29c4cb36864173c7
                              • Opcode Fuzzy Hash: bc5737f596c1446bbf43a69d32b5e5c2c9b504d8afb9579079f97bda723df13b
                              • Instruction Fuzzy Hash: 155102B13052068FDB14DF69E49866A77A2EFC1244F05887DEA068B391DF38EC01CF91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ff1c42ae26482c3ddb03212cb67abb16cd30788dc59f355c0bbbffeb29006de2
                              • Instruction ID: b07648203e869dd766dd84f245c0b26afdc69ca781a57151d8a139f977518a7c
                              • Opcode Fuzzy Hash: ff1c42ae26482c3ddb03212cb67abb16cd30788dc59f355c0bbbffeb29006de2
                              • Instruction Fuzzy Hash: D241AFB0A102098FDB18DFA5E548BAEFBB2EF88764F148969D405A7380CB749D45CFD0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: ea651c7043bfe9bb4123d3121709c8743552f3991c05fe45b6a953e425eeb331
                              • Instruction ID: fa4c45adef0ba0a391b53cc59ca583414689313b3ad1c8327860f84161badbac
                              • Opcode Fuzzy Hash: ea651c7043bfe9bb4123d3121709c8743552f3991c05fe45b6a953e425eeb331
                              • Instruction Fuzzy Hash: C13155316043599FC355EB68D91489EBBE7EFC53203158E59E111CF2A4CF70AC068BE2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 3a37006635272bec6350e56a3ae14e3bf3307b9bebf67a0526e69133bab7ba61
                              • Instruction ID: 19bb23b6b29145fbb89f9cabe280cf282b143714dc674465b1a4c51d56d61b3c
                              • Opcode Fuzzy Hash: 3a37006635272bec6350e56a3ae14e3bf3307b9bebf67a0526e69133bab7ba61
                              • Instruction Fuzzy Hash: 9D41F6B4A01219CFDB14DF19D884B99BBB2BF48320F15C4AAD449AB361DB70ED85CF60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: cf031a6bd28437a90b256d66b04274a5c83fbc92b5a6f59f40c8b4734293e148
                              • Instruction ID: 1732503f8ecb458e0db1a733886156b19b19c71480cb92d3b627d2bfe01e740e
                              • Opcode Fuzzy Hash: cf031a6bd28437a90b256d66b04274a5c83fbc92b5a6f59f40c8b4734293e148
                              • Instruction Fuzzy Hash: 6C41D6B4A01218CFEB14DF19D884B99B7F2AF48310F05C4AAD849AB361DB74ED84CF60
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a7351ba0a4e81565ed154f638740747de1403ffddec98276c37ba6f1003487fb
                              • Instruction ID: c70adda2c2bcd495bd9cb2c8bd06841c6b48ddfeb9af4905ada3d8a4d7f4ea4d
                              • Opcode Fuzzy Hash: a7351ba0a4e81565ed154f638740747de1403ffddec98276c37ba6f1003487fb
                              • Instruction Fuzzy Hash: 4931F6316002199FC755EB68D94449EF7E7EFC43243158E68D525CB3A4CF70AC068BE5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 9d514e89bbf94e63c1989d1e35d71378d1e637a108c5b988e5947887f8712750
                              • Instruction ID: 805e6b0ae4a750c452e526220dec35bc71e7ef8ae448327ac46f6e9e80a42543
                              • Opcode Fuzzy Hash: 9d514e89bbf94e63c1989d1e35d71378d1e637a108c5b988e5947887f8712750
                              • Instruction Fuzzy Hash: E8317870A011188FDF44DBA8D9586EEBBF2EF89314F1080AAD409E7340DB358E06CB95
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 597eeee4c26ac8770b374eb8bc309618c33610385878f32d23bdb05b61f8c8d4
                              • Instruction ID: c459e60ae95a49fddb78297f60d1b85a8f48d213ea2c2d91eb35a5ce23e65c31
                              • Opcode Fuzzy Hash: 597eeee4c26ac8770b374eb8bc309618c33610385878f32d23bdb05b61f8c8d4
                              • Instruction Fuzzy Hash: 8621F1B1B032168BCF15AB78E49446EBBB2FF85254B11C83EC50587340DB32D816CB92
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b6ad2b2cb934a5ba945a0be56284b2d5cdc867d7e0bfd46af89af1c28a4db02c
                              • Instruction ID: e0f8c8e854808a31368f0bb07389d9c27c7f84493374552a7b703d452a01d547
                              • Opcode Fuzzy Hash: b6ad2b2cb934a5ba945a0be56284b2d5cdc867d7e0bfd46af89af1c28a4db02c
                              • Instruction Fuzzy Hash: A321F6F4B056855FDB15EB70D4507EB7BB3BF8A240F18886CC181B7192DB75A806C751
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d03daa4690a7be1be46a08f8ec4d53f0b15b5d6faaa51cd80aedab190554486e
                              • Instruction ID: 561fd211f01555dbab1e86d2a5c81ade48b3e06876be8f6fa04d49dffde115c4
                              • Opcode Fuzzy Hash: d03daa4690a7be1be46a08f8ec4d53f0b15b5d6faaa51cd80aedab190554486e
                              • Instruction Fuzzy Hash: FA217A74A0060A9FCB14CFA4D981ADEB7F2BF89304F218559E901AF751DB70ED06CB55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 584dd3611ed51ad8379dccbcd4f740d3fbf5b40d303867703a109f5c0ac421c0
                              • Instruction ID: fb4304318cb01f8fbfa58a8fd0fd88a781bc1d180920a5deca818137430006b4
                              • Opcode Fuzzy Hash: 584dd3611ed51ad8379dccbcd4f740d3fbf5b40d303867703a109f5c0ac421c0
                              • Instruction Fuzzy Hash: 641167717056058BCB18DA6AE88492AB7E6EFC52A8714C93ED40A87304EF31E8068B42
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7a99040f1ab2c4031eaadfe4e681ff2602bfa76a67b5f45d56b8872fc4d5f96e
                              • Instruction ID: a806c8aadb893dc0791b5c14499a3b79c3652a469359c25040e14c5f8e4bb0b9
                              • Opcode Fuzzy Hash: 7a99040f1ab2c4031eaadfe4e681ff2602bfa76a67b5f45d56b8872fc4d5f96e
                              • Instruction Fuzzy Hash: 0821A13190075ADFCB14EFB4D8506AEF7B6FF85300F108929E959A7240EB71E945CB90
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 2b225afd7156b893877194210f7a717bd217f679ffb66c45e9a6117e6943bf67
                              • Instruction ID: 4903d4de96e54927d47329e0f2b754d5aa0196bb8768b25257025284ad4dca85
                              • Opcode Fuzzy Hash: 2b225afd7156b893877194210f7a717bd217f679ffb66c45e9a6117e6943bf67
                              • Instruction Fuzzy Hash: 170104F47101009FCB49EB6AD409B6EBBE39F84690F19C0A9D008CB391EF34C902CB96
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a759285cc005f984e4aa941ef38f81ae2fb73125dec10cd634c69f5120b5516f
                              • Instruction ID: 965f39c178f338bd1cac6b770946821d6bb725ba2c0dcebb8f1ebea000e0e653
                              • Opcode Fuzzy Hash: a759285cc005f984e4aa941ef38f81ae2fb73125dec10cd634c69f5120b5516f
                              • Instruction Fuzzy Hash: 7A01FE312047445FC3259B39D95489E7B9BEFC62743004A59F195CB2D1CB70A90B87A1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 763ad68eb5227ad9bd6e9823401ea818a7978108cf5cf03546a125cc7914e259
                              • Instruction ID: cd6d16dd56e79ae59971cb9bdf7127a5889a7c3f10124fad9c6113a2676273cb
                              • Opcode Fuzzy Hash: 763ad68eb5227ad9bd6e9823401ea818a7978108cf5cf03546a125cc7914e259
                              • Instruction Fuzzy Hash: 4D112570E002188FCF44DFA9D9486ADB7F2AF49344F00846AC419E7350EB759E46CF9A
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 0e375c48381dfa56e4b7a31d2193249608e388fbc3c1bc77161105f9f5dc67ab
                              • Instruction ID: 7901e0a0d285431860aacb410bc958fd18e87eadaf8653cb78f4d35f3de64032
                              • Opcode Fuzzy Hash: 0e375c48381dfa56e4b7a31d2193249608e388fbc3c1bc77161105f9f5dc67ab
                              • Instruction Fuzzy Hash: F511AC706016058FCF299B38E858A6ABBE3EF85355B04897DD00A8B351DB35E846CB91
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: d3984f22ff4c4031281edb31b757dfc9ca3d33ab5b1b4d722a778547d72eadee
                              • Instruction ID: 8774aecdd79a82aba1fd418f3f17c826c532baed84b00d6dd3f945ed27dcc0f7
                              • Opcode Fuzzy Hash: d3984f22ff4c4031281edb31b757dfc9ca3d33ab5b1b4d722a778547d72eadee
                              • Instruction Fuzzy Hash: E501F2B070662A0BDF10666AA85462F76DA9FC5294B04483DDA15CB381EF78EC048FD1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: eed3af4767c9c92e825be1c94f07cfd68d0233711f957d1f8a8f7bae60b40d8e
                              • Instruction ID: 31b5a1f8e85aa162fe20e8a09f91279f8a8a05657c26fdf2c84fd98c77314946
                              • Opcode Fuzzy Hash: eed3af4767c9c92e825be1c94f07cfd68d0233711f957d1f8a8f7bae60b40d8e
                              • Instruction Fuzzy Hash: F4019EB07205009FCB59EB2AE408B1EBBE79F846A1F19C069D408CB391EF34C9018B86
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 7b327cfccf54e41f5264e0ee5f563eb8ddc450d68b5f572236a716514157d689
                              • Instruction ID: bae79f3e40efac567a9c3a69319b971a0aba76c1eb70a07400edb100ff9fbaef
                              • Opcode Fuzzy Hash: 7b327cfccf54e41f5264e0ee5f563eb8ddc450d68b5f572236a716514157d689
                              • Instruction Fuzzy Hash: D5F046A1B082A82FC70612B52864A7B7F9BDFCA550F0440AAFB85C7242CC25CC5B87B0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.436752758.0000000002C5D000.00000040.00000001.sdmp, Offset: 02C5D000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 70afbfe91b571d28117a9302c7bb3912f16dabf4513c77391a8723a626d1995d
                              • Instruction ID: 6833b120742370879504b1d7e900cef8048de39e46c0f0a91ae0a60864b103b6
                              • Opcode Fuzzy Hash: 70afbfe91b571d28117a9302c7bb3912f16dabf4513c77391a8723a626d1995d
                              • Instruction Fuzzy Hash: 3801406140D3D05FD7128B258C94762BFB8EF83224F0981DBD9858F297C2699849C7B2
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.436752758.0000000002C5D000.00000040.00000001.sdmp, Offset: 02C5D000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f00a9a25c23a30003a1fc411a0d2dafbb4405a3ef0d33ef25e6642746bf94a0c
                              • Instruction ID: d3d97fcf8018d67be063021718bc3e4e32bb030fe7438252e6bf9ecdecd0b7ca
                              • Opcode Fuzzy Hash: f00a9a25c23a30003a1fc411a0d2dafbb4405a3ef0d33ef25e6642746bf94a0c
                              • Instruction Fuzzy Hash: 2301A7714083649AD7204A16CCC4766BF98EFC1278F088559ED065B286C779D986C6F5
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6b43e45658f143f4b4dc7271f7b8aa4b092ec27c38aa561ead607c496fff5c10
                              • Instruction ID: 786f291a0e2f1504ae5495bcd4c686dd96dde5508ac5fbd9c55e1a531e7cd249
                              • Opcode Fuzzy Hash: 6b43e45658f143f4b4dc7271f7b8aa4b092ec27c38aa561ead607c496fff5c10
                              • Instruction Fuzzy Hash: EC01F7312047495BC320AB29D81489EBB9BEFC53747004A29E265C73D0CB70A9068BA1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8164ee4fe04e0357c8e57f022e652500c614d88681c86806231e0fc1d9614b15
                              • Instruction ID: 9ae98298b7b4920933a6a9053d70654bba3d586371dd1fd5199eaeeaa23d6a90
                              • Opcode Fuzzy Hash: 8164ee4fe04e0357c8e57f022e652500c614d88681c86806231e0fc1d9614b15
                              • Instruction Fuzzy Hash: FBF024B1705284CBCF09AFB8AC551DDBFB79B8A260B08447ED25BD7342DE34491E8791
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 8117d1e8c5baa47c5228db9e212a3329517b19a57a33ff8f5944c050c5b92a40
                              • Instruction ID: 47906842758534cff4050930959ef9752069bad6359acfa444d58c136b2ab39e
                              • Opcode Fuzzy Hash: 8117d1e8c5baa47c5228db9e212a3329517b19a57a33ff8f5944c050c5b92a40
                              • Instruction Fuzzy Hash: F9F08BB2504646ABC3209F28E804F85BFB4FF84350F04806AE14887252DB706850C7E1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6bb31889659c4ff8c8fc45b6b65d30bdf156dd0c619f22f90126ffcece58926c
                              • Instruction ID: d68016ff30035b9947c8167f21090a0a203538cd0c225a90e10a5e96845b3d2c
                              • Opcode Fuzzy Hash: 6bb31889659c4ff8c8fc45b6b65d30bdf156dd0c619f22f90126ffcece58926c
                              • Instruction Fuzzy Hash: 46F0B472A051899FCF21DFB998568EEBFF1EE49210B0444A6E054D7252D2304526C791
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: a8eceee21381a5e10ed00a2c690c7809739f708ad18c12fb97903cbfe0902dfb
                              • Instruction ID: bf9669a5cd8afe5581b92480b2a3692b01cf844d01bd6c4d16a47adce4e29314
                              • Opcode Fuzzy Hash: a8eceee21381a5e10ed00a2c690c7809739f708ad18c12fb97903cbfe0902dfb
                              • Instruction Fuzzy Hash: 22F020A820C3C08FC70353B4A8289663F729F83100B0A84EAEA80CF1B3C929DC56C721
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6130e0cce8bbab1d5fb88a7949ed9d526f998ce5987b2ebf585274ec47b71b71
                              • Instruction ID: 4f240566b69686b971cabe3f6dc5c7f9331ef462032e1d5f56dcb9179c3dc8e6
                              • Opcode Fuzzy Hash: 6130e0cce8bbab1d5fb88a7949ed9d526f998ce5987b2ebf585274ec47b71b71
                              • Instruction Fuzzy Hash: 0DF03CB0A00605EFCB18DF25D564A59B7F2FF8C310F1485A8D406AB661CB30AD01CF40
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: f903d33e76a4b716a98bd375f623ef05a8295f4b3ab040d22ef2297d7e3d2db2
                              • Instruction ID: 82d4f4ca65a4efd85c4615e9d8ba694aa6867623efbd95a28e29a7d29ff1b1d5
                              • Opcode Fuzzy Hash: f903d33e76a4b716a98bd375f623ef05a8295f4b3ab040d22ef2297d7e3d2db2
                              • Instruction Fuzzy Hash: E5F096B0A102198FDF149BA8E0187AD7371FB44649F10C978D006AB640CB345A08CFC0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 6a0d0203d34e31bb9affbc140f8a063d684b9665051d5a05705001f3dfd4c374
                              • Instruction ID: f6ed57365db0db036c4e9ded1f97be53b7ebbe83148b7bd905cb974aae157589
                              • Opcode Fuzzy Hash: 6a0d0203d34e31bb9affbc140f8a063d684b9665051d5a05705001f3dfd4c374
                              • Instruction Fuzzy Hash: 4BE026627081AC3FC32061AB2C00FBBBECED7CA2B1F084026FA48C3240C854884097F1
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: fcf5bb1fa9e9fcafa59700781b964326ea14313cd3eda26b12fb844891521b14
                              • Instruction ID: 3cbbb4c86e60579ff5da372f5ccb76e0dfe7a674a3ea16cc0043fab2a68badc3
                              • Opcode Fuzzy Hash: fcf5bb1fa9e9fcafa59700781b964326ea14313cd3eda26b12fb844891521b14
                              • Instruction Fuzzy Hash: FDE0863A2441D09FD7029BF4D519A953FB6EF4E260F0501F6E90CCB3A3C6248C55CB55
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: b3d59ac9b8ef80b9d25abfd4a13bdcb75fffaa1e90b9596f894de9dc3c4a6993
                              • Instruction ID: 91370d996dad6d7f11d1ba1ff12ac59fd6f1ada794d0b61983934c1652377e4f
                              • Opcode Fuzzy Hash: b3d59ac9b8ef80b9d25abfd4a13bdcb75fffaa1e90b9596f894de9dc3c4a6993
                              • Instruction Fuzzy Hash: 16E0ECB4142205CB8B14CB6ED448911F3E9AF8565935DC8BDC40C4B532D633E882CA51
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Memory Dump Source
                              • Source File: 0000000B.00000002.448752850.0000000007790000.00000040.00000001.sdmp, Offset: 07790000, based on PE: false
                              Similarity
                              • API ID:
                              • String ID:
                              • API String ID:
                              • Opcode ID: 77bdf3fdb016623ce549ff1fb8f5ff4030d034bc6f3680b4a6bf719b9257665a
                              • Instruction ID: f59923a527975dc7e81c856b515c8fcf3582b49417ee870586a0b4b5382e981b
                              • Opcode Fuzzy Hash: 77bdf3fdb016623ce549ff1fb8f5ff4030d034bc6f3680b4a6bf719b9257665a
                              • Instruction Fuzzy Hash: 3FD05BF0B55613CF9F18560CF858596B296BBC515031ACAFEA706C7314CA34EC418B81
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions

                              Executed Functions

                              APIs
                              • RtlEncodePointer.NTDLL(00000000,?,?,?,?,?,?,?,?,?,026CE272), ref: 026CE4FF
                              Memory Dump Source
                              • Source File: 0000000F.00000002.450783309.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                              Similarity
                              • API ID: EncodePointer
                              • String ID:
                              • API String ID: 2118026453-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RtlEncodePointer.NTDLL(00000000,?,?,?,?,?,?,?,?,?,026CE272), ref: 026CE4FF
                              Memory Dump Source
                              • Source File: 0000000F.00000002.450783309.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                              Similarity
                              • API ID: EncodePointer
                              • String ID:
                              • API String ID: 2118026453-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • RtlEncodePointer.NTDLL(00000000,?,?,?,?,?,?,?,?,?,026CE272), ref: 026CE4FF
                              Memory Dump Source
                              • Source File: 0000000F.00000002.450783309.00000000026C0000.00000040.00000001.sdmp, Offset: 026C0000, based on PE: false
                              Similarity
                              • API ID: EncodePointer
                              • String ID:
                              • API String ID: 2118026453-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetPrivateProfileStringW.KERNEL32 ref: 026DBFF0
                              Memory Dump Source
                              • Source File: 0000000F.00000002.450849715.00000000026D0000.00000040.00000001.sdmp, Offset: 026D0000, based on PE: false
                              Similarity
                              • API ID: PrivateProfileString
                              • String ID:
                              • API String ID: 1096422788-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              APIs
                              • GetPrivateProfileStringW.KERNEL32 ref: 026DBFF0
                              Memory Dump Source
                              • Source File: 0000000F.00000002.450849715.00000000026D0000.00000040.00000001.sdmp, Offset: 026D0000, based on PE: false
                              Similarity
                              • API ID: PrivateProfileString
                              • String ID:
                              • API String ID: 1096422788-0
                              Uniqueness

                              Uniqueness Score: -1.00%

                              Non-executed Functions