Analysis Report Purchase Order.exe

Overview

General Information

Sample Name: Purchase Order.exe
Analysis ID: 385474
MD5: 4953a0238e781408fae3ee737bf14ac4
SHA1: 006a605fa48b26b27e859c031340344937858398
SHA256: 51688c6b77d1a093fc0d9efe21413f09d1bfef7907a726e8498e2173abb7c8d4
Tags: exe

Detection

Matiex
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Matiex Keylogger
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Beds Obfuscator
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Startup

  • System is w10x64
  • Purchase Order.exe (PID: 6632 cmdline: 'C:\Users\user\Desktop\Purchase Order.exe' MD5: 4953A0238E781408FAE3EE737BF14AC4)
    • Purchase Order.exe (PID: 6784 cmdline: C:\Users\user\Desktop\Purchase Order.exe MD5: 4953A0238E781408FAE3EE737BF14AC4)
      • dw20.exe (PID: 6824 cmdline: dw20.exe -x -s 748 MD5: 8D10DA8A3E11747E51F23C882C22BBC3)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security |
00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp | JoeSecurity_AntiVM_3 | Yara detected AntiVM_3 | Joe Security |
00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security |
00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.Purchase Order.exe.3c71470.2.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security |
0.2.Purchase Order.exe.3c71470.2.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
2.2.Purchase Order.exe.4228d4.1.raw.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security |
2.2.Purchase Order.exe.4228d4.1.raw.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
2.2.Purchase Order.exe.400000.0.unpack | JoeSecurity_Matiex | Yara detected Matiex Keylogger | Joe Security |

                      Sigma Overview

                      No Sigma rule has matched

                      Signature Overview

                      AV Detection:

                      Multi AV Scanner detection for submitted file
                      Source: Purchase Order.exe, Virustotal: Detection: 34%
                      Source: Purchase Order.exe, Metadefender: Detection: 13%
                      Source: Purchase Order.exe, ReversingLabs: Detection: 47%
                      Source: 2.2.Purchase Order.exe.400000.0.unpack, Avira: Label: TR/Redcap.jajcu
                      Source: Purchase Order.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                      Source: C:\Users\user\Desktop\Purchase Order.exe, File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
                      Source: Purchase Order.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                      Source: Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdb source: Purchase Order.exe, 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Purchase Order.exe, 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp
                      Source: Binary string: mscorrc.pdb source: Purchase Order.exe, 00000000.00000002.359685105.0000000005BB0000.00000002.00000001.sdmp, Purchase Order.exe, 00000002.00000002.429541120.00000000056D0000.00000002.00000001.sdmp
                      Source: Binary string: D:\Before FprmT\Document VB project\FireFox Stub\FireFox Stub\obj\Debug\VNXT.pdbh} source: Purchase Order.exe, 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Purchase Order.exe, 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h, 0_2_05843819
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h, 0_2_05843828
                      Source: unknown, DNS traffic detected: queries for: clientconfig.passport.net

                      System Summary:

                      Initial sample is a PE file and has a suspicious name
                      Source: initial sample, Static PE information: Filename: Purchase Order.exe
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 0_2_05B40F62 NtQueryInformationProcess, 0_2_05B40F62
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 0_2_05B410D2 NtQuerySystemInformation, 0_2_05B410D2
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 0_2_05B41097 NtQuerySystemInformation, 0_2_05B41097
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 0_2_05B40F40 NtQueryInformationProcess, 0_2_05B40F40
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 748
                      Source: Purchase Order.exe, 00000000.00000002.347477707.00000000003E8000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameAssemblyName.exeP vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameDSASignature.dll" vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameVNXT.exe* vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameu.exe4 vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000000.00000002.359685105.0000000005BB0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000000.00000002.348944578.00000000029D1000.00000004.00000001.sdmp, Binary or memory string: OriginalFilenameSimpleUI.dll2 vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, Binary or memory string: OriginalFilenameVNXT.exe* vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, Binary or memory string: OriginalFilenameu.exe4 vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000002.00000000.346719432.0000000000F38000.00000002.00020000.sdmp, Binary or memory string: OriginalFilenameAssemblyName.exeP vs Purchase Order.exe
                      Source: Purchase Order.exe, 00000002.00000002.429541120.00000000056D0000.00000002.00000001.sdmp, Binary or memory string: OriginalFilenamemscorrc.dllT vs Purchase Order.exe
                      Source: Purchase Order.exe, Binary or memory string: OriginalFilenameAssemblyName.exeP vs Purchase Order.exe
                      Source: Purchase Order.exe, Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: classification engine, Classification label: mal80.troj.evad.winEXE@5/4@1/0
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 0_2_05B40CBE AdjustTokenPrivileges, 0_2_05B40CBE
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Code function: 0_2_05B40C87 AdjustTokenPrivileges, 0_2_05B40C87
                      Source: C:\Users\user\Desktop\Purchase Order.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Purchase Order.exe.log
                      Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, File created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER39C9.tmp
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe, File read: C:\Windows\System32\drivers\etc\hosts
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: Select * from UnmanagedMemoryStreamWrapper WHERE modelo=@modelo;?
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: Select * from Clientes WHERE id=@id;;
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: Select * from Aluguel5Erro ao listar Banco sql-UnmanagedMemoryStreamWrapper.INSERT INTO Aluguel VALUES(@clienteID, @data);
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO UnmanagedMemoryStreamWrapper VALUES(@modelo, @fabricante, @ano, @cor);
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
                      Source: unknown, Process created: C:\Users\user\Desktop\Purchase Order.exe 'C:\Users\user\Desktop\Purchase Order.exe'
                      Source: C:\Users\user\Desktop\Purchase Order.exe, Process created: C:\Users\user\Desktop\Purchase Order.exe C:\Users\user\Desktop\Purchase Order.exe
                      Source: C:\Users\user\Desktop\Purchase Order.exe, File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
                      Source: Purchase Order.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

                      Data Obfuscation:

                      barindex
                      Yara detected Beds ObfuscatorShow sources
                      Source: Yara matchFile source: 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 6632, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Purchase Order.exe PID: 6784, type: MEMORY
                      Source: Yara matchFile source: 0.2.Purchase Order.exe.3c71470.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Purchase Order.exe.4228d4.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order.exe.3c91f44.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order.exe.3c71470.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Purchase Order.exe.3bfe060.4.raw.unpack, type: UNPACKEDPE
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_00322114 push ss; retf 0_2_00322117
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_00325C7D push 00000072h; ret 0_2_00325C83
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_00E5828C pushad ; retf 0_2_00E58291
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_00E57366 push ecx; ret 0_2_00E57341
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_00E5731E push ecx; ret 0_2_00E57341
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_04BA88FF push ecx; ret 0_2_04BA8901
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_04BA650E push ds; iretd 0_2_04BA6510
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_080858D1 push ebp; iretd 0_2_080858D2
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 0_2_08085548 push 58FFFFFFh; ret 0_2_0808554D
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 2_2_00E75C7D push 00000072h; ret 2_2_00E75C83
                      Source: C:\Users\user\Desktop\Purchase Order.exe Code function: 2_2_00E72114 push ss; retf 2_2_00E72117
                      Source: initial sample Static PE information: section name: .text entropy: 7.4406354621
                      Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion:

                      Yara detected AntiVM3
                      Source: Yara match File source: 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara match File source: Process Memory Space: Purchase Order.exe PID: 6632, type: MEMORY
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Purchase Order.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6636 Thread sleep time: -100265s >= -30000s
                      Source: C:\Users\user\Desktop\Purchase Order.exe TID: 6676 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\Purchase Order.exe Thread delayed: delay time: 100265
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: vmware
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: VMWARE
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
                      Source: Purchase Order.exe, 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process queried: DebugPort
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Purchase Order.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion:

                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\Purchase Order.exe Memory written: C:\Users\user\Desktop\Purchase Order.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process created: C:\Users\user\Desktop\Purchase Order.exe C:\Users\user\Desktop\Purchase Order.exe
                      Source: C:\Users\user\Desktop\Purchase Order.exe Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe dw20.exe -x -s 748
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Purchase Order.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\Purchase Order.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information:

Yara detected Matiex Keylogger
Source: Yara match, File source: 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Purchase Order.exe PID: 6632, type: MEMORY
Source: Yara match, File source: Process Memory Space: Purchase Order.exe PID: 6784, type: MEMORY
Source: Yara match, File source: 0.2.Purchase Order.exe.3c71470.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.Purchase Order.exe.4228d4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Purchase Order.exe.3c91f44.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Purchase Order.exe.3c71470.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Purchase Order.exe.3bfe060.4.raw.unpack, type: UNPACKEDPE

                      Remote Access Functionality:

Yara detected Matiex Keylogger
Source: Yara match, File source: 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: Purchase Order.exe PID: 6632, type: MEMORY
Source: Yara match, File source: Process Memory Space: Purchase Order.exe PID: 6784, type: MEMORY
Source: Yara match, File source: 0.2.Purchase Order.exe.3c71470.2.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.Purchase Order.exe.4228d4.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 2.2.Purchase Order.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Purchase Order.exe.3c91f44.3.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Purchase Order.exe.3c71470.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.Purchase Order.exe.3bfe060.4.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Access Token Manipulation 1 | Masquerading 1 | OS Credential Dumping | Query Registry 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 111 | Disable or Modify Tools 1 | LSASS Memory | Security Software Discovery 111 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Access Token Manipulation 1 | NTDS | Virtualization/Sandbox Evasion 31 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Process Injection 111 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 3 | Cached Domain Credentials | System Information Discovery 12 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 3 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact

                      Behavior Graph

[Behavior graph, ID 385474. Sample: Purchase Order.exe; start date: 12/04/2021; architecture: WINDOWS; score: 80. Process chain: Purchase Order.exe (started) drops C:\Users\user\...\Purchase Order.exe.log (ASCII) and starts a second Purchase Order.exe (signature: Injects a PE file into a foreign processes), which starts dw20.exe. DNS/IP node: clientconfig.passport.net. Signatures on the sample node: Multi AV Scanner detection for submitted file, Yara detected Matiex Keylogger, Yara detected AntiVM3, 3 other signatures.]


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source | Detection | Scanner | Label
Purchase Order.exe | 35% | Virustotal |
Purchase Order.exe | 19% | Metadefender |
Purchase Order.exe | 48% | ReversingLabs | ByteCode-MSIL.Infostealer.Coins

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

Source | Detection | Scanner | Label
2.2.Purchase Order.exe.400000.0.unpack | 100% | Avira | TR/Redcap.jajcu

                      Domains

Source | Detection | Scanner | Label
clientconfig.passport.net | 0% | Virustotal |

                      URLs


                      Domains and IPs

                      Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
clientconfig.passport.net | unknown | unknown | false | | unknown

                      URLs from Memory and Binaries


                                              Contacted IPs

                                              No contacted IP infos

                                              General Information

                                              Joe Sandbox Version:31.0.0 Emerald
                                              Analysis ID:385474
                                              Start date:12.04.2021
                                              Start time:15:16:19
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 7m 49s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Sample file name:Purchase Order.exe
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                              Number of analysed new started processes analysed:24
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal80.troj.evad.winEXE@5/4@1/0
                                              EGA Information:Failed
                                              HDC Information:
                                              • Successful, ratio: 4.6% (good quality ratio 2.8%)
                                              • Quality average: 33.4%
                                              • Quality standard deviation: 33.7%
                                              HCA Information:
                                              • Successful, ratio: 81%
                                              • Number of executed functions: 204
                                              • Number of non-executed functions: 27
                                              Cookbook Comments:
                                              • Adjust boot time
                                              • Enable AMSI
                                              • Found application associated with file extension: .exe
                                              Warnings:
                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, wermgr.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                              • Excluded IPs from analysis (whitelisted): 52.147.198.201, 104.42.151.234, 2.23.155.232, 2.23.155.186, 20.50.102.62, 88.221.62.148, 92.123.150.225, 92.122.213.194, 92.122.213.247, 13.88.21.125, 52.155.217.156, 20.54.26.129, 92.122.144.200
                                              • Excluded domains from analysis (whitelisted): arc.msn.com.nsatc.net, 2-01-3cf7-0009.cdx.cedexis.net, a767.dspw65.akamai.net, wu-fg-shim.trafficmanager.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, e11290.dspg.akamaiedge.net, e13551.dscg.akamaiedge.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, msagfx.live.com-6.edgekey.net, authgfx.msa.akadns6.net, go.microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, consumerrp-displaycatalog-aks2eap.md.mp.microsoft.com.akadns.net, prod.fs.microsoft.com.akadns.net, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, displaycatalog.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, download.windowsupdate.com, download.windowsupdate.com.edgesuite.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, go.microsoft.com.edgekey.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                              Simulations

                                              Behavior and APIs

Time | Type | Description
15:17:15 | API Interceptor | 1x Sleep call for process: Purchase Order.exe modified
15:17:57 | API Interceptor | 1x Sleep call for process: dw20.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              No context

                                              Domains

                                              No context

                                              ASN

                                              No context

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Purchase Order.e_f38b3ed14dba9e7d30b75ea9b7736a5b21d8e31f_00000000_1afbc56f\Report.wer
                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                              File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):10158
                                              Entropy (8bit):3.7633564412815135
                                              Encrypted:false
                                              SSDEEP:96:CyenOSA/0zxWs5h5pXI/+BHUHZopAnQ0DFH2EmSonj+wdOyWnEeVc1F9ZQb5iMFH:xenOgDHvaPLk9Mn/u7sNS274ItF
                                              MD5:EDC36D4D4D275A2B46249E2AA6CBE55E
                                              SHA1:CE36456426E58D96F323193F6F7460D1C6DF29FD
                                              SHA-256:43C54784D385E90B057C8EC509CCDA80BBBDC682881ABA512350D59A223FF660
                                              SHA-512:FFD703F69DDE2300B11527CEBB7A808B76CB14FECD45AAA8FD185C3229D5E262AF84B0EE7E53FB5F0FB77201F12102FAB2A637927652AA40576BA0AB0C82B0CC
                                              Malicious:false
                                              Reputation:low
                                              Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.6.2.7.3.9.4.4.1.6.4.5.9.7.2.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.6.2.7.3.9.4.4.3.8.9.5.9.6.1.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.9.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.c.3.4.c.9.f.7.f.-.8.4.c.1.-.4.8.6.d.-.a.1.9.0.-.e.8.2.7.9.8.6.2.2.1.4.d.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.A.s.s.e.m.b.l.y.N.a.m.e...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.8.0.-.0.0.0.1.-.0.0.1.7.-.3.4.c.5.-.2.f.9.a.e.9.2.f.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.6.a.b.f.0.9.a.7.d.4.c.1.1.e.2.7.b.a.7.0.b.c.3.0.f.a.2.d.6.c.a.0.0.0.0.0.0.0.0.0.!.0.0.0.0.0.0.6.a.6.0.5.f.a.4.8.b.2.6.b.2.7.e.8.5.9.c.0.3.1.3.4.0.3.4.4.9.3.7.8.5.8.3.9.8.!.P.u.r.c.h.a.s.e. .O.r.d.e.r...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.r.=.2.0.2.1././.0.4././.1.1.:.1.5.:.5.8.:.5.9.!.0.!.P.u.r.c.h.a.s.e. .O.r.d.e.r...e.x.e.....B.o.o.t.I.d.=.4.
                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER39C9.tmp.WERInternalMetadata.xml
                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                              File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):7624
                                              Entropy (8bit):3.7001256134003873
                                              Encrypted:false
                                              SSDEEP:192:Rrl7r3GLNiA+G6bgB6YU+56IgmfkT8SwCp15D1flTm:RrlsNiY6bgB6Yj6IgmfkYSZ5xfM
                                              MD5:5485A5684E2E126255D69664087FA626
                                              SHA1:AB9F71D28E5277EC7844E55A368235DF292D1AA6
                                              SHA-256:B57AF341EAAC6AE884AE2CC577B34DF4794A1BB524E299531D1294B396A97752
                                              SHA-512:F2B54944402CD6C9510542003D56622D056B7877BCF3971A3B6A341CBA2865A58B9C512012BF263534F36292A130D3296525BCDB77FAAE7CDE4470F1AB1DC2F0
                                              Malicious:false
                                              Reputation:low
                                              Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.7.8.4.<./.P.i.d.>.......
                                              C:\ProgramData\Microsoft\Windows\WER\Temp\WER3AC4.tmp.xml
                                              Process:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                              File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):4614
                                              Entropy (8bit):4.484824980131556
                                              Encrypted:false
                                              SSDEEP:48:cvIwSD8zsCJgtWI9qUWSC8BCTM8fm8M4JFKf5vNJoFpvX+q8dB6saq+QIeO1VOd:uITfQBNSNUJFKRjqvX+YTqDxMOd
                                              MD5:805AA8E5719DA0E01DF875EA504F3165
                                              SHA1:CB1AF469E3B11D07D6F89DDC7CDC3E6D667F3DF0
                                              SHA-256:26FD6FD2682CFBB4AA36E13E8B930D164C539141F6405F63BC27085B702DED68
                                              SHA-512:9DB71DE84D0847CC4AD4F541F7E50D46BDAF9B000E680FA5BEEC70225D81A7C25953B509D0831E936A6540EDADE3879AA622B9CEFAE4938B22BD98D5BCEDB0C4
                                              Malicious:false
                                              Reputation:low
                                              Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="943648" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                              C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Purchase Order.exe.log
                                              Process:C:\Users\user\Desktop\Purchase Order.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):664
                                              Entropy (8bit):5.288448637977022
                                              Encrypted:false
                                              SSDEEP:12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
                                              MD5:B1DB55991C3DA14E35249AEA1BC357CA
                                              SHA1:0DD2D91198FDEF296441B12F1A906669B279700C
                                              SHA-256:34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
                                              SHA-512:BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
                                              Malicious:true
                                              Reputation:moderate, very likely benign file
                                              Preview: 1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):7.40598591003729
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                              • Win32 Executable (generic) a (10002005/4) 49.75%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Windows Screen Saver (13104/52) 0.07%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              File name:Purchase Order.exe
                                              File size:826368
                                              MD5:4953a0238e781408fae3ee737bf14ac4
                                              SHA1:006a605fa48b26b27e859c031340344937858398
                                              SHA256:51688c6b77d1a093fc0d9efe21413f09d1bfef7907a726e8498e2173abb7c8d4
                                              SHA512:57920e2f67b62c443eb3f5319697b75d892df7a78a04f330f00aae8b821714719d2a2af1bec849765effc4df64f8ddf0bed4ed3cf81005cbcc7fff46cfd1d3c7
                                              SSDEEP:12288:LDlXerqEw/rZm+ZoF2pYGIZv4LYSdSC3I7GwPP5qRzYjJsa9ODrmOzvZ1+fLI/LE:LDderqn/w+/pYFvRC3I7GPc
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....s`..............P..N...L.......l... ........@.. ....................................@................................

                                              File Icon

                                              Icon Hash:4125655370600101

                                              Static PE Info

                                              General

                                              Entrypoint:0x4c6cae
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                              Time Stamp:0x60731CC3 [Sun Apr 11 15:58:59 2021 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:v2.0.50727
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al

                                              Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc6c54 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc8000 | 0x4928 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xce000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                              Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xc4cb4 | 0xc4e00 | False | 0.751769593254 | data | 7.4406354621 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc | 0xc8000 | 0x4928 | 0x4a00 | False | 0.152502111486 | data | 2.63585312657 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xce000 | 0xc | 0x200 | False | 0.044921875 | data | 0.0980041756627 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

Name | RVA | Size | Type | Language | Country
RT_ICON | 0xc8130 | 0x4228 | dBase IV DBT of \200.DBF, blocks size 0, block length 16384, next free block index 40, next free block 4294967295, next used block 4294967295 | |
RT_GROUP_ICON | 0xcc358 | 0x14 | data | |
RT_VERSION | 0xcc36c | 0x3d0 | data | |
RT_MANIFEST | 0xcc73c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                              Imports

DLL | Import
mscoree.dll | _CorExeMain

                                              Version Infos

Description | Data
Translation | 0x0000 0x04b0
LegalCopyright | Copyright CodeUnit 2007
Assembly Version | 2007.8.28.1
InternalName | AssemblyName.exe
FileVersion | 2007.08.28.1
CompanyName | CodeUnit
LegalTrademarks |
Comments | Image Size Standardiser
ProductName | Image Size Standardiser
ProductVersion | 2007.08.28.1
FileDescription | Image Size Standardiser
OriginalFilename | AssemblyName.exe

                                              Network Behavior

                                              Snort IDS Alerts

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/12/21-15:17:09.781420 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:09.816438 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 84.17.52.126 | 192.168.2.6
04/12/21-15:17:09.822526 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:09.859114 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 149.11.89.129 | 192.168.2.6
04/12/21-15:17:09.859602 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:09.897177 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 130.117.50.25 | 192.168.2.6
04/12/21-15:17:09.901722 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:09.942778 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 130.117.0.62 | 192.168.2.6
04/12/21-15:17:09.963919 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:10.011057 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 154.54.36.253 | 192.168.2.6
04/12/21-15:17:10.019437 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:10.065968 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 130.117.14.78 | 192.168.2.6
04/12/21-15:17:10.075882 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:10.137518 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 195.22.208.117 | 192.168.2.6
04/12/21-15:17:10.143003 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:10.196196 | ICMP | 449 | ICMP Time-To-Live Exceeded in Transit | | | 93.186.128.39 | 192.168.2.6
04/12/21-15:17:10.197569 | ICMP | 384 | ICMP PING | | | 192.168.2.6 | 2.23.155.232
04/12/21-15:17:10.250018 | ICMP | 408 | ICMP Echo Reply | | | 2.23.155.232 | 192.168.2.6

                                              UDP Packets


                                              DNS Queries

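| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Apr 12, 2021 15:17:34.708123922 CEST | 192.168.2.6 | 8.8.8.8 | 0x73a6 | Standard query (0) | clientconfig.passport.net | A (IP address) | IN (0x0001) |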

                                              DNS Answers

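| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Apr 12, 2021 15:17:34.768985033 CEST | 8.8.8.8 | 192.168.2.6 | 0x73a6 | No error (0) | clientconfig.passport.net | authgfx.msa.akadns6.net | | CNAME (Canonical name) | IN (0x0001) |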

                                              Code Manipulations

                                              System Behavior

                                              General

                                              Start time:15:17:07
                                              Start date:12/04/2021
                                              Path:C:\Users\user\Desktop\Purchase Order.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\Purchase Order.exe'
                                              Imagebase:0x320000
                                              File size:826368 bytes
                                              MD5 hash:4953A0238E781408FAE3EE737BF14AC4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.348990165.0000000002A0D000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_BedsObfuscator, Description: Yara detected Beds Obfuscator, Source: 00000000.00000002.350207077.0000000003A8E000.00000004.00000001.sdmp, Author: Joe Security
                                              Reputation:low

                                              General

                                              Start time:15:17:19
                                              Start date:12/04/2021
                                              Path:C:\Users\user\Desktop\Purchase Order.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\Desktop\Purchase Order.exe
                                              Imagebase:0xe70000
                                              File size:826368 bytes
                                              MD5 hash:4953A0238E781408FAE3EE737BF14AC4
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_Matiex, Description: Yara detected Matiex Keylogger, Source: 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_BedsObfuscator, Description: Yara detected Beds Obfuscator, Source: 00000002.00000002.427728679.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                              Reputation:low

                                              General

                                              Start time:15:17:20
                                              Start date:12/04/2021
                                              Path:C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
                                              Wow64 process (32bit):true
                                              Commandline:dw20.exe -x -s 748
                                              Imagebase:0x10000000
                                              File size:33936 bytes
                                              MD5 hash:8D10DA8A3E11747E51F23C882C22BBC3
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Disassembly

                                              Code Analysis

                                                Executed Functions

                                                APIs
                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05B40D07
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false

                                                APIs
                                                • NtQuerySystemInformation.NTDLL ref: 05B4110D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false

                                                APIs
                                                • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 05B40D07
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false

                                                APIs
                                                • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 05B40FA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false

                                                APIs
                                                • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 05B40FA0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false

                                                APIs
                                                • NtQuerySystemInformation.NTDLL ref: 05B4110D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 082653d6514695160ba5c70e24e400fb4b3df7cf5acf8086ab1989540613acdd
                                                • Instruction ID: 7606ee9bc2c9ccf0aeafbe67d76a00a2779475190223d5b7569fa20b5957bc99
                                                • Opcode Fuzzy Hash: 082653d6514695160ba5c70e24e400fb4b3df7cf5acf8086ab1989540613acdd
                                                • Instruction Fuzzy Hash: B9916874D05249DFCB05CFA9D841AAEBFB2FF8A310F1480AAD445AB251D7346986CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 353463de99f156603e59970b26b4ef58700c95a48704bdc305f87d7077eeb3ef
                                                • Instruction ID: 25e75df9e7a7f03db01bf4c811a27c8f00cee1fae2f26e42a18600c757c26cb6
                                                • Opcode Fuzzy Hash: 353463de99f156603e59970b26b4ef58700c95a48704bdc305f87d7077eeb3ef
                                                • Instruction Fuzzy Hash: 579137B0D00619CFDB04EFAAC4806ADFBF2BF99325F648619D454AB396D7309982CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 60bfaa36c1fa8b1cd0404b5379ba93edf4a9c1a64f35f2c1484e709c41a5c6dd
                                                • Instruction ID: ab18eec6a6ee357d2e70597c32a24328f0fc5e9f9afb0fd1e9ef307f987d473d
                                                • Opcode Fuzzy Hash: 60bfaa36c1fa8b1cd0404b5379ba93edf4a9c1a64f35f2c1484e709c41a5c6dd
                                                • Instruction Fuzzy Hash: E6915970D05249DFCB05CFA9C841AAEBFB2FF8A310F1484AAD445BB251D734A986CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5bdc086a28dbe7f99964edae9c47c16ba27f7a7977cf239721e6ace6a0bad80
                                                • Instruction ID: d23f814e9784a5637232088885e8419df6b7c5eb9fab3c47e25564c32b8f9b1c
                                                • Opcode Fuzzy Hash: e5bdc086a28dbe7f99964edae9c47c16ba27f7a7977cf239721e6ace6a0bad80
                                                • Instruction Fuzzy Hash: 5291F374D0920DCFCB04CFA5C5855AEBBB2BF88300F20942AD906BB354E7349981CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5c1265ed3325125d30a6786e458e4bce86da56dfaab8041e64a0b2ea33a0efd7
                                                • Instruction ID: 9b67ad5765ea553fe7f20498bb8d803ee0b70b22ea4086aef09ed356fb008254
                                                • Opcode Fuzzy Hash: 5c1265ed3325125d30a6786e458e4bce86da56dfaab8041e64a0b2ea33a0efd7
                                                • Instruction Fuzzy Hash: 7381D174D04609DFDB08DFA9D981AAEFBB2FF89301F10816AD405BB254D734AA82CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b87efa7ab91b0af22e69d0a7d1c941c7fdf0edcf2d7038557a779442d0fa34bf
                                                • Instruction ID: 670f0edaf6001d63301e1047f7bb8fa2821e38f2d11c41d37d0d4126223c6b48
                                                • Opcode Fuzzy Hash: b87efa7ab91b0af22e69d0a7d1c941c7fdf0edcf2d7038557a779442d0fa34bf
                                                • Instruction Fuzzy Hash: 1771B074E05209DFDB08DFA9C994AAEBBF2FF88300F10856AD415BB254DB34AA458F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd0c3a28741fb71be285762887cd44542963a7c8816f9324a74d30f53e6d4a97
                                                • Instruction ID: 6b95e4b32664d78e16984930037d8b0c862730f2e69d4e07c1c816ee198ff831
                                                • Opcode Fuzzy Hash: dd0c3a28741fb71be285762887cd44542963a7c8816f9324a74d30f53e6d4a97
                                                • Instruction Fuzzy Hash: 5A516B70E08249DFDB48CFAAC4415AEFBF2EB89301F14D46AC456B7250E734AA51CFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6362adb7ecb900f299f54dd44ad2ec6117b1bf691f31d4ca50628d52eb026d8e
                                                • Instruction ID: ccec4400285fbf4a7dbe85fa10545e800ad805dfb3daed2427ca5881b27cd162
                                                • Opcode Fuzzy Hash: 6362adb7ecb900f299f54dd44ad2ec6117b1bf691f31d4ca50628d52eb026d8e
                                                • Instruction Fuzzy Hash: 515168B0D0520DDFDB04CFAAC448AAEBBB2FF89214F54C599D924BB255D3349A41CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a46bad59e32c45f99601a4a270200010df14700c1ab183b25b3ffdcad84b324a
                                                • Instruction ID: 9005431755f2c2fff5d3bc458491c75952ab672194232efb73eea856f09a34ce
                                                • Opcode Fuzzy Hash: a46bad59e32c45f99601a4a270200010df14700c1ab183b25b3ffdcad84b324a
                                                • Instruction Fuzzy Hash: 7F5156B0D0120DDFDB04CFAAC548AAEBBB2FF89214F64C599D925BB255D3349A01CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5624586ed39dfe2b4028a47a84707dd2ec55fc745bbceae74f4ce499f64b1bc0
                                                • Instruction ID: 7ba0f28e9db213b784131fdcdca3f0ff62940299e8f7bba5284cab28fea7eeaf
                                                • Opcode Fuzzy Hash: 5624586ed39dfe2b4028a47a84707dd2ec55fc745bbceae74f4ce499f64b1bc0
                                                • Instruction Fuzzy Hash: D7515871D04209CFDB08DFAAC5446AEFBF2EF89301F25D06AD465AB211D7399A81CF64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d1c1639eb343cb5f5844b53a326f7b950414970b6c5fb51a6f90a4e34e91e1b1
                                                • Instruction ID: 3b9942c72131e1b2f862f16e3640bd23011b9b3d5fb856f0eca6ec5be84438d1
                                                • Opcode Fuzzy Hash: d1c1639eb343cb5f5844b53a326f7b950414970b6c5fb51a6f90a4e34e91e1b1
                                                • Instruction Fuzzy Hash: 3C3127B1E042588FDB19CFAAD8547DEBBB2AFC9300F14C0AAD408AA254DB740955CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 22c1086df5c1027702eabb5209e7b405e9bd92d5553a05c7202d02eb37f274e1
                                                • Instruction ID: db22cb33c912460cc3ef7536567ae168fbd26c92e1c1d834053209286df452b6
                                                • Opcode Fuzzy Hash: 22c1086df5c1027702eabb5209e7b405e9bd92d5553a05c7202d02eb37f274e1
                                                • Instruction Fuzzy Hash: 66212D71E056588BDB18CF9AD8442DEFBF3EFC9310F14C06AD408AA255DB751985CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8ae30e1b07825b26de558b671c0ae12a08db0aacef433b254e8e8cba7226b51e
                                                • Instruction ID: 8b2a7153d19fb82dd4dc24ad6f89a2b9cb1750b4c9983f0b847dd92c327c1876
                                                • Opcode Fuzzy Hash: 8ae30e1b07825b26de558b671c0ae12a08db0aacef433b254e8e8cba7226b51e
                                                • Instruction Fuzzy Hash: A721F671E056189FEB18CF6BDC4069EBBB7AFCA210F14C0AAD848A6224DB3019528F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: X$kr$X$kr$i
                                                • API String ID: 0-1320504580
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05B409C8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00E4ABD5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,F3E717C9,00000000,00000000,00000000,00000000), ref: 00E4ACD8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: QueryValue
                                                • String ID:
                                                • API String ID: 3660427363-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,F3E717C9,00000000,00000000,00000000,00000000), ref: 05B40EDC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: CodeExitProcess
                                                • String ID:
                                                • API String ID: 3861947596-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetTokenInformation.KERNELBASE(?,00000E2C,F3E717C9,00000000,00000000,00000000,00000000), ref: 05B408C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: InformationToken
                                                • String ID:
                                                • API String ID: 4114910276-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05B40B86
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 00E4B10E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: ConsoleCtrlHandler
                                                • String ID:
                                                • API String ID: 1513847179-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,00000E2C), ref: 05B409C8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 00E4ABD5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: Open
                                                • String ID:
                                                • API String ID: 71445658-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • K32EnumProcesses.KERNEL32(?,?,?,F3E717C9,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05B4104E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: EnumProcesses
                                                • String ID:
                                                • API String ID: 84517404-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RegQueryValueExW.KERNELBASE(?,00000E2C,F3E717C9,00000000,00000000,00000000,00000000), ref: 00E4ACD8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: QueryValue
                                                • String ID:
                                                • API String ID: 3660427363-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05B40083
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: DrawText
                                                • String ID:
                                                • API String ID: 2175133113-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00E4B4E9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: LibraryLoadShim
                                                • String ID:
                                                • API String ID: 1475914169-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B40AA5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetTokenInformation.KERNELBASE(?,00000E2C,F3E717C9,00000000,00000000,00000000,00000000), ref: 05B408C9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: InformationToken
                                                • String ID:
                                                • API String ID: 4114910276-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostMessageW.USER32(?,?,?,?), ref: 05B4133D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E4A61A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetExitCodeProcess.KERNELBASE(?,00000E2C,F3E717C9,00000000,00000000,00000000,00000000), ref: 05B40EDC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: CodeExitProcess
                                                • String ID:
                                                • API String ID: 3861947596-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetErrorMode.KERNELBASE(?), ref: 00E4A6CC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostMessageW.USER32(?,?,?,?), ref: 05B416C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 05B40B86
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DrawTextExW.USER32(?,?,?,?,?,?), ref: 05B40083
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: DrawText
                                                • String ID:
                                                • API String ID: 2175133113-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • OutputDebugStringW.KERNELBASE(?), ref: 00E4A298
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: DebugOutputString
                                                • String ID:
                                                • API String ID: 1166629820-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • K32EnumProcesses.KERNEL32(?,?,?,F3E717C9,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 05B4104E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: EnumProcesses
                                                • String ID:
                                                • API String ID: 84517404-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: LongWindow
                                                • String ID:
                                                • API String ID: 1378638983-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LoadLibraryShim.MSCOREE(?,?,?,?), ref: 00E4B4E9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: LibraryLoadShim
                                                • String ID:
                                                • API String ID: 1475914169-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00E4A61A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: DuplicateHandle
                                                • String ID:
                                                • API String ID: 3793708945-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetConsoleCtrlHandler.KERNELBASE(?,00000E2C,?,?), ref: 00E4B10E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: ConsoleCtrlHandler
                                                • String ID:
                                                • API String ID: 1513847179-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostMessageW.USER32(?,?,?,?), ref: 05B416C5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B40AA5
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: ProtectVirtual
                                                • String ID:
                                                • API String ID: 544645111-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • OutputDebugStringW.KERNELBASE(?), ref: 00E4A298
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: DebugOutputString
                                                • String ID:
                                                • API String ID: 1166629820-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostMessageW.USER32(?,?,?,?), ref: 05B4133D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359604750.0000000005B40000.00000040.00000001.sdmp, Offset: 05B40000, based on PE: false
                                                Similarity
                                                • API ID: MessagePost
                                                • String ID:
                                                • API String ID: 410705778-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: LongWindow
                                                • String ID:
                                                • API String ID: 1378638983-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetErrorMode.KERNELBASE(?), ref: 00E4A6CC
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348083661.0000000000E4A000.00000040.00000001.sdmp, Offset: 00E4A000, based on PE: false
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: C0
                                                • API String ID: 0-2418383021
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: Xu
                                                • API String ID: 0-3868445026
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: Hjr
                                                • API String ID: 0-1371789598
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: T5cR
                                                • API String ID: 0-2352900142
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: F|
                                                • API String ID: 0-3453128528
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 59ad14aa354cf84a348e04adacd1213a471d3d7d73465f099275579302fb01e1
                                                • Instruction ID: b1069e0ab45b460fc88b5169237de1136739605eb7eb1995d7cecfc3358a1fef
                                                • Opcode Fuzzy Hash: 59ad14aa354cf84a348e04adacd1213a471d3d7d73465f099275579302fb01e1
                                                • Instruction Fuzzy Hash: BB119376544304BFD6108F0AEC41E67FBECEB84A30F18C96AFD0C5B211E276A5148BA6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 688b7e47b1ee68d39229ff6ee67cc0d9884033d8af61ad9e672437d3dae8d780
                                                • Instruction ID: 20ede0dd3e7d26335f5af69a8d2b0cf0e7eda2ab025d1be8d48a30bd392100cb
                                                • Opcode Fuzzy Hash: 688b7e47b1ee68d39229ff6ee67cc0d9884033d8af61ad9e672437d3dae8d780
                                                • Instruction Fuzzy Hash: 78119676644304BFD6108F4AEC41E57FBECEB84A30F18C96AFD095B211E275B5148BA6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 045e73082b9d7a2bfc7e78a0066e1febefb2495f12a579da467b6cd8329fc64e
                                                • Instruction ID: 015baca085faceab0c3bd32446c85530cd33e147cc2161311c666da2e451202c
                                                • Opcode Fuzzy Hash: 045e73082b9d7a2bfc7e78a0066e1febefb2495f12a579da467b6cd8329fc64e
                                                • Instruction Fuzzy Hash: 8B21903550A7C09FE7038B20C851B56BF75AB47308F1985DFD8855B663C37A8806CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f75d2168d5f2925f35ba5ae828ca20c75cefcde87b32ded3c66cc59959f04cb3
                                                • Instruction ID: 084679182545d6a4d64efb2050f2018a650b7a2c282782b6434b3684f277f66d
                                                • Opcode Fuzzy Hash: f75d2168d5f2925f35ba5ae828ca20c75cefcde87b32ded3c66cc59959f04cb3
                                                • Instruction Fuzzy Hash: 89217C70E09249DFCB14DFB5C980AAEFBF1EF85240F1499EAD405A7211E734AA109F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8f4c3bbf8eb71ce454c0dca11c174c04ebb9a74a8f28fcb7ca56d4da79f5cb69
                                                • Instruction ID: 0f5b21f78606d7debe2784b771484c4cae2c420ef5dec3f6ce080a494eddb963
                                                • Opcode Fuzzy Hash: 8f4c3bbf8eb71ce454c0dca11c174c04ebb9a74a8f28fcb7ca56d4da79f5cb69
                                                • Instruction Fuzzy Hash: 80215EB550D380AFD702CF19DC51957BFF4EF86620F0989DAF9889B253D235A908CB62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 302f7ff67c0d8deddaff3cf4d50b4680c979f000d9ac25c1f4a76af9b7fd853b
                                                • Instruction ID: 2d3993bae22d212fb743629142c25bb1c2b60febf0f994a340496e130a7bff8e
                                                • Opcode Fuzzy Hash: 302f7ff67c0d8deddaff3cf4d50b4680c979f000d9ac25c1f4a76af9b7fd853b
                                                • Instruction Fuzzy Hash: 6011C676644304BFD6108E0AEC41EA7FBACEB84B70F18C56BFD085B601E276B5148BB5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac82e73b25dda43035576a977d5b73814a4422708dc23d6b1ade04bada54e406
                                                • Instruction ID: 58082eba184b50bd6cf9343da4d96d5a1a96959345fb1a7ec24885343207fbe2
                                                • Opcode Fuzzy Hash: ac82e73b25dda43035576a977d5b73814a4422708dc23d6b1ade04bada54e406
                                                • Instruction Fuzzy Hash: DD211674E0820ADFCF08DFA9D8455EEBBB2FB88311F1088AAD415A7354DB346A50DF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a1ffdf964485afaf75351e060e351521fb061df750f070a7fde610915c8a68ed
                                                • Instruction ID: 944b2b6eeebd9f957eb2a5e0c65c59eb31400dea44b049cd9aeb3630bdb44ce4
                                                • Opcode Fuzzy Hash: a1ffdf964485afaf75351e060e351521fb061df750f070a7fde610915c8a68ed
                                                • Instruction Fuzzy Hash: 7411E734204644DFEB05CB10C981B26BB91AB48709F24D59EE95A2B743C7B7D403CE51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d426af28607052e4966d08f79f2b35ec53b4c93ca3db0a654d485cf313d578a7
                                                • Instruction ID: dc7848e823688e200c078f16b60976388c3eae7309834e47f2303e07324ad79a
                                                • Opcode Fuzzy Hash: d426af28607052e4966d08f79f2b35ec53b4c93ca3db0a654d485cf313d578a7
                                                • Instruction Fuzzy Hash: C5213674E05249DFDB09CFA9C454A9EBBB2FF89300F14C1AAC855AB355C3359A81CF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e51d2d9ef4840f3c1d8380da1bb5ad478cff32d188ca83f3a4c1968869a8a2ff
                                                • Instruction ID: 7fee2c95c90716dca36ee4f0f73b6f713cb797f9aa1f185d5a14bad43ae4e5ce
                                                • Opcode Fuzzy Hash: e51d2d9ef4840f3c1d8380da1bb5ad478cff32d188ca83f3a4c1968869a8a2ff
                                                • Instruction Fuzzy Hash: 1E117C76904200AFE600CE09DC81DA7B7ECEF84A25F14C81EF9499B201E372ED158BA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8974a2d972c952d289e02028091c3b8b3c6fe66d6275c6b6dc25bc19cd59f3be
                                                • Instruction ID: 2f1582101e7a6b6970e0d941e35c4548b145f9e3bf1383babd71b305b952fc04
                                                • Opcode Fuzzy Hash: 8974a2d972c952d289e02028091c3b8b3c6fe66d6275c6b6dc25bc19cd59f3be
                                                • Instruction Fuzzy Hash: C52115B4D1520ADFCB04DFA9C5815AEFBF2FB89301F20856AD845B7301DB349A818FA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9938e9e4ce1cb798049804c601408d822b26e75e094b2f4d274b4cecfbd5931c
                                                • Instruction ID: 945440daef512407ee34391deee79161c4b60164e84de02d92930ca06f08e14d
                                                • Opcode Fuzzy Hash: 9938e9e4ce1cb798049804c601408d822b26e75e094b2f4d274b4cecfbd5931c
                                                • Instruction Fuzzy Hash: 72113771E042188BDB18CFAAD8006DEB7B7ABD8301F04C0AA8509AB254DB741A95CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ef6df851266d9025747c08d7a8db91fd27929f2ab8af42243634d0fc2ccf207
                                                • Instruction ID: 4f95da861a5f0a05852b91a31e05365e5f758c82e0a694038a848e605cc24f30
                                                • Opcode Fuzzy Hash: 6ef6df851266d9025747c08d7a8db91fd27929f2ab8af42243634d0fc2ccf207
                                                • Instruction Fuzzy Hash: 3711DAB5908301AFD340CF19D881A5BFBE4FB88660F14892EF99897311D371E9048FA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 207c86b86e7032de9478f2d739a760a6c912adf826e61d88a97112d3d62d4187
                                                • Instruction ID: 4e81767e8c3b33beaf87fef3850000456333e29b8bfa36ffc21deced127ce3a0
                                                • Opcode Fuzzy Hash: 207c86b86e7032de9478f2d739a760a6c912adf826e61d88a97112d3d62d4187
                                                • Instruction Fuzzy Hash: 06112638D04208EFCB04DFA8D984A9DFBF6EF88301F95C4A9D549AB311D7309A50CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 410662046fbad22847ed2010de88e67cdf419078c1723c94fddb2de50974a5d2
                                                • Instruction ID: 176308a01e3558bf35fb3cc4eadf9f0c8aaea2dbbde04c164580d2c1cf513b79
                                                • Opcode Fuzzy Hash: 410662046fbad22847ed2010de88e67cdf419078c1723c94fddb2de50974a5d2
                                                • Instruction Fuzzy Hash: 51115874E00209DFDB08DFA9C544AAEBBB2FF88301F11C1AAC815AB354D735AA81CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ddb68193d0af2b7778981c0038ad320a78fc6829b9584013df5ef51ff78752d4
                                                • Instruction ID: a12fc0b18c27951f8352608924e2655e8ba9b9e91d5c8b37f1e691ad755d5010
                                                • Opcode Fuzzy Hash: ddb68193d0af2b7778981c0038ad320a78fc6829b9584013df5ef51ff78752d4
                                                • Instruction Fuzzy Hash: FD01247140E3C06FD3024B259C95A92BFB8DF43620F0C84DBED849F153D2266909C7B2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de92e01c4394b288797a41a31fb193bc3b3ec0200019a24e1a11f7160055d76d
                                                • Instruction ID: 25ba5584630d2b7e60a60e2e2eb76559e7f48503ed6499123219fe1ce5eab919
                                                • Opcode Fuzzy Hash: de92e01c4394b288797a41a31fb193bc3b3ec0200019a24e1a11f7160055d76d
                                                • Instruction Fuzzy Hash: 4B01A2B65093806FD7028B16EC408A2FFACDE86620709C0AFED498B612E125A905CBB1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fdffcf21381f9fb7ef0bb3455bd0a463be9da3c198c942e3a217e64cec3ea18a
                                                • Instruction ID: 325705dda47227847b046308bc7e35abaa259df411c92cd56c13392e22bcd3a9
                                                • Opcode Fuzzy Hash: fdffcf21381f9fb7ef0bb3455bd0a463be9da3c198c942e3a217e64cec3ea18a
                                                • Instruction Fuzzy Hash: 02014CB4E04209DFDB04DFA5D4466AEBBB2FF89300F1085AAD815A7344DB345A81CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a381d4fe6eb2f5d045b8cc521752f7c086a782aa145c0db203992172759d682
                                                • Instruction ID: 6b580e2f2adbc08cbed03d8e0f968771dddb7b42a9d65d26bc9e7c94ae8ad31d
                                                • Opcode Fuzzy Hash: 1a381d4fe6eb2f5d045b8cc521752f7c086a782aa145c0db203992172759d682
                                                • Instruction Fuzzy Hash: 11019E74E08209EFCB14CFA5D95456DBBB6EB85305F10C8EAD404A7350E730AB61DF51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 672a3c0c16c7e1a797e20611a1be5b674f8cf5a5c20f5cbab13b2b3a9477584c
                                                • Instruction ID: 25b3870bf902fdc4c525c1e8d2c750db05da5a813760a4dcfdca8cbca722b14e
                                                • Opcode Fuzzy Hash: 672a3c0c16c7e1a797e20611a1be5b674f8cf5a5c20f5cbab13b2b3a9477584c
                                                • Instruction Fuzzy Hash: 4B016974D06219EFCB08CFA8D5456AEBBB2EB85302F1084AAC405A7354DB34AB60CF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b2ad0b823975d378d49c9f76a2710fd7bf440f7ca122342f2355d4b5ee78107
                                                • Instruction ID: 43785647d5041d04595ed331bd81441c54e531373a0e7a1911a2e56de9e5a885
                                                • Opcode Fuzzy Hash: 5b2ad0b823975d378d49c9f76a2710fd7bf440f7ca122342f2355d4b5ee78107
                                                • Instruction Fuzzy Hash: 520178B4E0420DDFCB08DFA5D549AAEBBB6FF89300F10C4AAD815A3244EB305A80CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6cfb2cff56711cfb70f1e4cea82a1754f321bf328933c5ee4cb93561be38157f
                                                • Instruction ID: 3349b8da6a32873923b6abfacdda6f18ff8dbb56e9e58915321559bf43a4f7b3
                                                • Opcode Fuzzy Hash: 6cfb2cff56711cfb70f1e4cea82a1754f321bf328933c5ee4cb93561be38157f
                                                • Instruction Fuzzy Hash: 79012874A05204AFCB05DBA8C899A9DBFF1EF89200F0580E9E548AB361CA31AA51CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3dc8c351d6da28eedfbbf04eb0eb4dc52ba90ea2d4635bd64893a22ffdbb2c09
                                                • Instruction ID: 0d61308cfce3b5d7ec1c2f919c2f619c61f336c4fdb159265de11aa6a0277fd5
                                                • Opcode Fuzzy Hash: 3dc8c351d6da28eedfbbf04eb0eb4dc52ba90ea2d4635bd64893a22ffdbb2c09
                                                • Instruction Fuzzy Hash: BAF0CD30A052489FC709DBF0C890AEF7FB2DFCA305F048CA9C00573294CE345A51DA50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 214bff4a52f85973cb46d60b2b0f9ba0490ac82bde757dc796ae547298d62c00
                                                • Instruction ID: 84e8f00ee1de8a8ea852e93f55b6449e06006aac5132102b19e933f59ec47503
                                                • Opcode Fuzzy Hash: 214bff4a52f85973cb46d60b2b0f9ba0490ac82bde757dc796ae547298d62c00
                                                • Instruction Fuzzy Hash: 82018F71949246DFDB01DFB4E94818CBFB1EF4A211F1482AAC48997106C7345A88DF52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7832f36aaaa236b71bcbe359a53793a93bd8eaf3c56993578669854d0b7c9489
                                                • Instruction ID: f28861484b72a846161e83b32a3b0efdaea0749a44a93de40e22d9f8cab4fe26
                                                • Opcode Fuzzy Hash: 7832f36aaaa236b71bcbe359a53793a93bd8eaf3c56993578669854d0b7c9489
                                                • Instruction Fuzzy Hash: EE016D71909384AFDB42DB78C8616DABFF1AF47300F1985EAC4C09B263C6345959DBA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 575590ba80a49830511126318fa34c234c41bccead4c31c486dbeb8f81dc1c61
                                                • Instruction ID: bb5adcf78886e4392361fed9091d04d3e5fdd30424127cfa5c900d71ecd06734
                                                • Opcode Fuzzy Hash: 575590ba80a49830511126318fa34c234c41bccead4c31c486dbeb8f81dc1c61
                                                • Instruction Fuzzy Hash: FC110575809229DFCB61CF64C945BE8BBB1BB98344F405ADA980EEA250D7349AC6CF10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348276310.00000000024E0000.00000040.00000040.sdmp, Offset: 024E0000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.348095000.0000000000E52000.00000040.00000001.sdmp, Offset: 00E52000, based on PE: false
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f33499fa2d1d53de36da0627c7b14abd1edead66925ff5fc1c82e2037bb4544f
                                                • Instruction ID: f31831f6a8531defe0076012fbcdac92e6cc172ec6fb72ed2aacd795c2932b56
                                                • Opcode Fuzzy Hash: f33499fa2d1d53de36da0627c7b14abd1edead66925ff5fc1c82e2037bb4544f
                                                • Instruction Fuzzy Hash: CCE09A31C05208EBCB08EF64D800AFDBB7AEB46202F10A058D84523211DB305AA4DF98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53a7ff7f07f0ba2f1611040459d4bb1a60b502360f060455575c68b48c97060d
                                                • Instruction ID: 85f357e3111052372a3cefaf6c99c4ab76becdba664fe5704575bd01da86afb4
                                                • Opcode Fuzzy Hash: 53a7ff7f07f0ba2f1611040459d4bb1a60b502360f060455575c68b48c97060d
                                                • Instruction Fuzzy Hash: 22F0FE7180020DEFCF45EFE4C9419EEBBB5FB08300F00845AF92492210D7319661EF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 528a3c0304fe1309107d38233c5ac8e309480008a276157238b42c961e7bf75b
                                                • Instruction ID: 0c15a1eb3e3effbfc5946e938c8d37fd84fa60af3ffc28acf587b4fb7bcdfefd
                                                • Opcode Fuzzy Hash: 528a3c0304fe1309107d38233c5ac8e309480008a276157238b42c961e7bf75b
                                                • Instruction Fuzzy Hash: 71F0ECB4A00228CFC754CF20C984A99B7F1FF49302F1054E9D50AB76A1DB315E85CF59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 47106fd7063eeb8c771ede8011d1b29c9143eae15d8f32fc14cf4a3dbbb66a5d
                                                • Instruction ID: f6054d345cfc005de951ef1985ebfd505b4f12ef528f47110a169a2c8d03bc9f
                                                • Opcode Fuzzy Hash: 47106fd7063eeb8c771ede8011d1b29c9143eae15d8f32fc14cf4a3dbbb66a5d
                                                • Instruction Fuzzy Hash: 36F0E77481826ACFEB60CF61CC40BEABBB1FB04354F0445D9880AA7254C7325EC1CF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2f322ccec6ee62fb59c81a974ff52ae159bec02f23a802f917cf222cfe53cd16
                                                • Instruction ID: 5b616bbf948d7d09dd49d3b908f8148005a6ad60986afd6f3756bb49542057a4
                                                • Opcode Fuzzy Hash: 2f322ccec6ee62fb59c81a974ff52ae159bec02f23a802f917cf222cfe53cd16
                                                • Instruction Fuzzy Hash: E9F0AC75D0120DEFCF45DFD4D9419EEBBB5FB48300F00855AE91462220D7719A61EF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 21d09c9cbc94d1969ea7a4b9f62595b290113dfe26ae08f57019e26445bc0011
                                                • Instruction ID: db0acb323b0beda1f4cb03604422ab70cac198137cd9b92caf2896f1a9a3b45e
                                                • Opcode Fuzzy Hash: 21d09c9cbc94d1969ea7a4b9f62595b290113dfe26ae08f57019e26445bc0011
                                                • Instruction Fuzzy Hash: D1F0C975D0420CEFCF45EFA8D940AADBBB1FF48300F0085AAED15A2250D7719A61EF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52fc4b5151333f270cfe16426e1ebd20be05ba29822ccc4b8cfb2b63117eb198
                                                • Instruction ID: f8dba618b05c590f17a04277ff607fd8f26b4dd3017b8e62613a1dec17b8bc49
                                                • Opcode Fuzzy Hash: 52fc4b5151333f270cfe16426e1ebd20be05ba29822ccc4b8cfb2b63117eb198
                                                • Instruction Fuzzy Hash: AFF0E2B4A012298FCB64CF24CA88A9AB7F0FF4A216F1004E9D50DA7211DB309E85CF48
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4926af019cc1a59de4a3b03a8150dd27da0063e11e28b4d3638cc088f930f1fd
                                                • Instruction ID: f1ac3fe35d422cce565d3939ec50a59cc6197d5a4536567551e4af74400b8b5d
                                                • Opcode Fuzzy Hash: 4926af019cc1a59de4a3b03a8150dd27da0063e11e28b4d3638cc088f930f1fd
                                                • Instruction Fuzzy Hash: F4E09230D49348EFC705DBB4A80164CBB74AB42301F1045FEC804A3380D6345914CB95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: adf9e40ffcde2b854193edd46d31cbf2f315e5af5756a84014d28bd67a022392
                                                • Instruction ID: 0b95fb39d15d8a1db4a855cebe98f1f4f7de261f3d676af720c496e38c9d7181
                                                • Opcode Fuzzy Hash: adf9e40ffcde2b854193edd46d31cbf2f315e5af5756a84014d28bd67a022392
                                                • Instruction Fuzzy Hash: 84F01C3090539CCFD794DFA1D589A5DBB75EB06305F109099881AEF655CB348D85CF11
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 26c0ce8c8f89354f7f08d15b15ca60a9437c17ea76e69e10ad8a09fd73a0150d
                                                • Instruction ID: 64ee50015a0795e7e5fda9c19ec72a1e8a838592b42a32058e9f4ab17670b473
                                                • Opcode Fuzzy Hash: 26c0ce8c8f89354f7f08d15b15ca60a9437c17ea76e69e10ad8a09fd73a0150d
                                                • Instruction Fuzzy Hash: 11F01539D45218CFDB60CFA1CD80BDCBBB1FB18300F24849AD919AB291D7329A81CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 836bb7881d21c14c11796add583a13e5aef54d9a5f9f57cc45799c636945fe44
                                                • Instruction ID: 07be62cb8eb7e4d9d35fe828c785e534389795a78a02e7c10d0b598096173a58
                                                • Opcode Fuzzy Hash: 836bb7881d21c14c11796add583a13e5aef54d9a5f9f57cc45799c636945fe44
                                                • Instruction Fuzzy Hash: EDE04F6080D2D85FCF469BB859666AD7FF08F03611F2905EEC88592163E1744A35DB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 46fd94e47cf2ab0e294a1c1f4d06997e9b5c047c869a57f0c5b39be3b55cbac2
                                                • Instruction ID: 7866cbec06ab6214607f903d664624b72e66f865147e90f8e1d43b030cd281b0
                                                • Opcode Fuzzy Hash: 46fd94e47cf2ab0e294a1c1f4d06997e9b5c047c869a57f0c5b39be3b55cbac2
                                                • Instruction Fuzzy Hash: 7BE06D34905319DFDB14CB61CD04AAEBB71EB86302F105895A549B7380D7315A029F15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9a690de9f22c0f6a8f5040fdf9cbc430e3c0b359bf3897e46b1576d03c2aa594
                                                • Instruction ID: deac83d61b0a5083c5fc6dea9be105a1a71f8592d7ba7847a81974500c96ea09
                                                • Opcode Fuzzy Hash: 9a690de9f22c0f6a8f5040fdf9cbc430e3c0b359bf3897e46b1576d03c2aa594
                                                • Instruction Fuzzy Hash: 15F079349062298FDB61CB54CC89B9EBBB2FB89300F1095D9A909A7251D7319E809F50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: acfb161ce2963ad47c3df1edd13e46797a839b00da6619590599e00d7083f47b
                                                • Instruction ID: b9ad9fc23e9077097de23e73fad1273ec5daebafaf71c8e24d3195e964ac95ea
                                                • Opcode Fuzzy Hash: acfb161ce2963ad47c3df1edd13e46797a839b00da6619590599e00d7083f47b
                                                • Instruction Fuzzy Hash: 06E01A70D00308AFCB44EFA8C8456AEBBF1EB48300F0085AAD814A3340D7705A50DF91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 52efa278812d03180228735804e960ae66e8362dfa22f4db8fc77fdb9f4825ae
                                                • Instruction ID: 695e7bb16d3e637dae46be838f08ca695addcd7f0c45a66983eb027e42f3aaf5
                                                • Opcode Fuzzy Hash: 52efa278812d03180228735804e960ae66e8362dfa22f4db8fc77fdb9f4825ae
                                                • Instruction Fuzzy Hash: DFE07E74D00308AFCB44EFA8D9456ADBBF4FB49301F1085AAD818A3350D671AA54DF92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa598177cc8785141251dc153baf61cab65f639d714c5f4d6537f4aba7cbd478
                                                • Instruction ID: 149df41f494f6c7cecac4b907c571448a43b41073a41382efb4920d339d024ca
                                                • Opcode Fuzzy Hash: fa598177cc8785141251dc153baf61cab65f639d714c5f4d6537f4aba7cbd478
                                                • Instruction Fuzzy Hash: 4AF02B78A06368CFCBA5CF69D984AD9BBB1FB49301F1051D9E809A7310D731AE81CF40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6ccf8540b9b81a0e5e03c90f4213c5da27f26b817d4fe520ddce80370cbcb184
                                                • Instruction ID: 62b6dcb98dcde94fb3f7ade4859e9ac17a3d04d31d424283659dc70e8c48224e
                                                • Opcode Fuzzy Hash: 6ccf8540b9b81a0e5e03c90f4213c5da27f26b817d4fe520ddce80370cbcb184
                                                • Instruction Fuzzy Hash: FFE0CA799042698FCF21CFA1C940BDCBBF2AB49304F1085EAA809A7251C3369A82CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a185344195b09853d8da8d9af423d65e4198c1846b0f11a61b97ce4403fda20
                                                • Instruction ID: 32f83e6916fc8ee224133a627e5372058d78d8a9ffc728913c55b82c69cb3590
                                                • Opcode Fuzzy Hash: 4a185344195b09853d8da8d9af423d65e4198c1846b0f11a61b97ce4403fda20
                                                • Instruction Fuzzy Hash: 46E0E270D05308EBCB94EFB8D50669DBBB5EB84301F108AAEC808A3340D735AA80DF81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: faddb9321d6bf55279fb3b1f5af6ab34c563d1e18fd0a92b0946bd3368f9b9ce
                                                • Instruction ID: c737892dd509425f6f659dcd50ddc0c7f317c3c3c6c61e4588e2e3d574a1b911
                                                • Opcode Fuzzy Hash: faddb9321d6bf55279fb3b1f5af6ab34c563d1e18fd0a92b0946bd3368f9b9ce
                                                • Instruction Fuzzy Hash: 85E0867554A384CFC716DB64E88148C7FB0AF42225B4949DFD8A4EB3B3C6354306CB92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0ddb7f7acbc27ff75c3b5fc50e8ccbef66d75ee4679aab2e875bacca8c97532b
                                                • Instruction ID: 1499e03d037f6e133ba75485ae13cc1b956d0a49ed0ee1d768c767b8916c5d78
                                                • Opcode Fuzzy Hash: 0ddb7f7acbc27ff75c3b5fc50e8ccbef66d75ee4679aab2e875bacca8c97532b
                                                • Instruction Fuzzy Hash: E9E0B674D0421CDFDB44EFE8D9416AEBBF4EB44304F1089AAC928A3340D7706A51DF92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b036718a70bae0b52121a8e069119d3cbece2a05169c4625e1d3e0d96208ddbc
                                                • Instruction ID: 35dcfc8c3b8f3815efb276ea3481d12d283f82997858489d77beb8f4a501da86
                                                • Opcode Fuzzy Hash: b036718a70bae0b52121a8e069119d3cbece2a05169c4625e1d3e0d96208ddbc
                                                • Instruction Fuzzy Hash: 3DE0EC74D04358AFCB44EFB9D50569DBBF4EB4A302F1084E9D818A3350D6355A14DF92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9d490b36a9ba99f033dbef8d7171225d794f0a25aeeceef68730e34b489abd08
                                                • Instruction ID: 5c1de3208ffe93a2a90f69c25b31ef0f629dd5817c57240eb69251e0d409ef73
                                                • Opcode Fuzzy Hash: 9d490b36a9ba99f033dbef8d7171225d794f0a25aeeceef68730e34b489abd08
                                                • Instruction Fuzzy Hash: D6E0E5349052A68FDB50CF58C584998B7B1FF84350F51A5D5D415AB668D730FA84CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c596a4617546af518b117938fceb5cb7309c81ec10809bef3127c2a4090355e9
                                                • Instruction ID: 97c316ec6f352c3be4827b5093cdf0164074afbdf0d329a03b6f04cf839fe281
                                                • Opcode Fuzzy Hash: c596a4617546af518b117938fceb5cb7309c81ec10809bef3127c2a4090355e9
                                                • Instruction Fuzzy Hash: 93E0E5789052688FCB60CF60C980ADCBBB1EB48324F1485DA985AA7291CB305EC2CF00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5fce5d8d9b0843d2c0c813073c85aa3326a77851d1345eb6d7fe672ed7bc091
                                                • Instruction ID: 5560c54e02cfc2e496000d3dbe46e103b9cbe9988a6e55bfe3c4f83f8a1a3926
                                                • Opcode Fuzzy Hash: e5fce5d8d9b0843d2c0c813073c85aa3326a77851d1345eb6d7fe672ed7bc091
                                                • Instruction Fuzzy Hash: 52E0E270D01308EFCB94EFB8D00469CBBF5AB44205F1045ADC948A6340E73AAA80CF82
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2576c5b4c69ae46af1360ca47de2eca5f101afaef875ad8b2705dffc4b2d721b
                                                • Instruction ID: 7d1e61bf4fa375475437a22f1e2dc1964bd623fe3a6753d2ee5e346a2214a752
                                                • Opcode Fuzzy Hash: 2576c5b4c69ae46af1360ca47de2eca5f101afaef875ad8b2705dffc4b2d721b
                                                • Instruction Fuzzy Hash: D1E0E270D01308EFCB94EFB8D04429CBBB5EB85201F5041ADC858A3340E739AA84DF82
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8897c6b392253d9165e27d117ddeb414a0f5a7639e8bbecbc8e47f18ada97140
                                                • Instruction ID: 25f5bc3c0b204293cc5bdd1b565ddb84a246b5586461169e3c5ed3a650c46d32
                                                • Opcode Fuzzy Hash: 8897c6b392253d9165e27d117ddeb414a0f5a7639e8bbecbc8e47f18ada97140
                                                • Instruction Fuzzy Hash: D0E0B674D003089FCB44EFA8D44979CBBF4AB04201F1044E9D808A3350E6755A54CF82
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:

                                                Non-executed Functions

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: Pw(
                                                • API String ID: 0-3876321409
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ,
                                                • API String ID: 0-3772416878
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: ,
                                                • API String ID: 0-3772416878
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: 8p^<
                                                • API String ID: 0-1266510687
                                                • Opcode ID: 95493c5ec5f0c14bf6c601ad5b67ae31e8365154e85f1c2fadd595dc814156b2
                                                • Instruction ID: 0983d0dcd29b6baf6944b88aee2fe9ed26f263bad1560b807bd7284daccce475
                                                • Opcode Fuzzy Hash: 95493c5ec5f0c14bf6c601ad5b67ae31e8365154e85f1c2fadd595dc814156b2
                                                • Instruction Fuzzy Hash: 5751E274E19219EFCF04CFA8D5809AEFBF1BF48344B10859AD405AB214D770AA91CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: 8p^<
                                                • API String ID: 0-1266510687
                                                • Opcode ID: 65dcfe3de531213c701b95fafee30b9b6d43b2b8517dd90948961c333c752e2b
                                                • Instruction ID: 505c98506a1fbd24c7bdd65a42b65cb24ea6b7807d6189a2327deb6591af7cc5
                                                • Opcode Fuzzy Hash: 65dcfe3de531213c701b95fafee30b9b6d43b2b8517dd90948961c333c752e2b
                                                • Instruction Fuzzy Hash: 54510374E19209EFCF04CFA8D5849AEFBF1FF48344B1485AAE405AB211D370AA91CF95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6abbf1760273dc5ea6d9ded9df84b2a1f957343d4fbc6178149e97b2ed13b48c
                                                • Instruction ID: 562a4e718076e173c90986265efe623ccabad7e34dbb553a4675c70d3da74bc4
                                                • Opcode Fuzzy Hash: 6abbf1760273dc5ea6d9ded9df84b2a1f957343d4fbc6178149e97b2ed13b48c
                                                • Instruction Fuzzy Hash: 3D91F474E04258DFDB14DFA9C5809ADFBB6FF89304F24C6AAC414AB215D730AA52DF50
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 92f44f68ab099973de6cb728c2941c5918cc68738d84d0478263ecd07530824d
                                                • Instruction ID: 2e80bea7b6f28398e6a53652abe0716fb67a47272951dea840089327a7309330
                                                • Opcode Fuzzy Hash: 92f44f68ab099973de6cb728c2941c5918cc68738d84d0478263ecd07530824d
                                                • Instruction Fuzzy Hash: CF71E074E18209EFCB44CFA9C08599DFBF1EF8A310F14E49AD815AB210D334AA51DF25
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07b5d2d2d26ec6ebc3412be620ef843363a65e3bd29c21b9ce7fdb4de92aec31
                                                • Instruction ID: aa2f808d17cdbc6e8ede57563f773366526a532b44461629ecbaa67af9007eba
                                                • Opcode Fuzzy Hash: 07b5d2d2d26ec6ebc3412be620ef843363a65e3bd29c21b9ce7fdb4de92aec31
                                                • Instruction Fuzzy Hash: 8D71DD74E18209EFCB44CFA9C18599DFBF1FB89310F14E49AE815AB210D334AA90DF65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8fa553c7d9644b92e25f0eae7588d517b50fb50e2dfe69755ab6bf4c1a7b8104
                                                • Instruction ID: 8962a40307683f8d585061008eff2c31010807c00be0a1fa39eca47e8b2a1691
                                                • Opcode Fuzzy Hash: 8fa553c7d9644b92e25f0eae7588d517b50fb50e2dfe69755ab6bf4c1a7b8104
                                                • Instruction Fuzzy Hash: 2461B874E14209EFCB44DFA9C18499DFBF2BF49311F54D1AAD859AB214D338AA81CF20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 03738b3803f2edd731db48f2ecde2e09d9705c5b5e807307d46a732934d873df
                                                • Instruction ID: b666c4bd7fb90c53cd09481e211f8644ea07311e4eea5bdb9db5c90b952bbae7
                                                • Opcode Fuzzy Hash: 03738b3803f2edd731db48f2ecde2e09d9705c5b5e807307d46a732934d873df
                                                • Instruction Fuzzy Hash: 8A61F370E05209DFCB04CFA5C6849EEBBF1FB88301F2099A9D816B7254EB706A41DB65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ca66158d19f0c26a7a273cd1cd2e3dd5de6be41a0ad1b1469b03f15b32839f4f
                                                • Instruction ID: b22f093701e3fb098956cd9029f863621d64e8b77f359e884c00c99302f42b8a
                                                • Opcode Fuzzy Hash: ca66158d19f0c26a7a273cd1cd2e3dd5de6be41a0ad1b1469b03f15b32839f4f
                                                • Instruction Fuzzy Hash: E0512675D0922DCBDB24CF6AC8447A9FBB2BB89301F0084EAD81DE7610EB305E859F15
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 929d26bd03326cafd0179364aa4f94f0971849465c6b57f6e9e8b8d8f2fd64ac
                                                • Instruction ID: d40e4508b60d6384bbf439a1e54dabb4452446e906e571c23183f4c09f3da875
                                                • Opcode Fuzzy Hash: 929d26bd03326cafd0179364aa4f94f0971849465c6b57f6e9e8b8d8f2fd64ac
                                                • Instruction Fuzzy Hash: B1511070D14219EFDB04EFAAC5819AEFBF2FB88301F10956AD456BB210D3349A81CF94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f79f19f69385426eb4b74f8e833fe755fcd9143b79243b452782e08daa65af68
                                                • Instruction ID: 0c831906cc4e693dff2c0755abbaf890430f958cb2020839e4616b7bc115db0b
                                                • Opcode Fuzzy Hash: f79f19f69385426eb4b74f8e833fe755fcd9143b79243b452782e08daa65af68
                                                • Instruction Fuzzy Hash: 6051C3B4D1521ADFCB04EFA9D5819AEFFB2FF48301F109659E455AB241C330AA81CFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5156c2bfcfff244e8f9562f645ac4bcb39a7dd76dc27d642c737b6814f9a24bf
                                                • Instruction ID: 45fa8297c9d15eace5dc0873f4c2efdb29ad13ea065a037b54ba4cd0104705ce
                                                • Opcode Fuzzy Hash: 5156c2bfcfff244e8f9562f645ac4bcb39a7dd76dc27d642c737b6814f9a24bf
                                                • Instruction Fuzzy Hash: B0510874E0920ADFCB14CFA5C6815EEBBB5FB8D300F2095AAC406BB250D7356A51DF64
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: da259f5f216cde3cfb19e7f0583d5e07785a0e3ec46995774412ba32e22eda07
                                                • Instruction ID: 17e7e88c461056632e4873d81680694dfb92ba240dc198cf762644bfb79fdde5
                                                • Opcode Fuzzy Hash: da259f5f216cde3cfb19e7f0583d5e07785a0e3ec46995774412ba32e22eda07
                                                • Instruction Fuzzy Hash: 824117B0E09209DFCF04CFA5C6855EEBBB1FB89300F1099AAD405BB250E7346A51EF65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7a8bb016f92d0a149dca5749091c21d27c4742b732a4fa7792ef6c2495051e6e
                                                • Instruction ID: 8d242781caec47fe0bf6554121e3db62aefc41b110646ec6b0b02fff904744cd
                                                • Opcode Fuzzy Hash: 7a8bb016f92d0a149dca5749091c21d27c4742b732a4fa7792ef6c2495051e6e
                                                • Instruction Fuzzy Hash: 0641E7B1D0520ADFDB44EF99C5816AEFBF2FB88301F20846AC405BB214D3359A81CF95
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6a67e284f5bdc13eca8d35ee5e8efcc44dfbae5e6464cf91ff7a74bfd0bf4bb8
                                                • Instruction ID: 20e37ae98b40297bc0e8ca4bf13ea2c01533ca2e753d8a0be7a392bcf1d65920
                                                • Opcode Fuzzy Hash: 6a67e284f5bdc13eca8d35ee5e8efcc44dfbae5e6464cf91ff7a74bfd0bf4bb8
                                                • Instruction Fuzzy Hash: A0412970D0920ADBCB04CF99C9815AEFBF1FF89300F20D59AC415BB250E774AA55DBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 502336c1cb8eef42a8acec65eda6f5748abc67f5a5747ea8abe852bc27316852
                                                • Instruction ID: e6ab91d829afd585cf79685e362c373e0b5aa50e161fc0fc85a7613b27169aeb
                                                • Opcode Fuzzy Hash: 502336c1cb8eef42a8acec65eda6f5748abc67f5a5747ea8abe852bc27316852
                                                • Instruction Fuzzy Hash: FA411770D0820ADBCB04CF99D9815AEFBF1FF88300F60D59AC419BB204E774AA55DBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ca83d9b1cdbe93cdecdd597944c8f9d1c37d0c377eb47b4595f887ab32e1b15
                                                • Instruction ID: 8f0c1fba79d39940ca70918ba65597963cb1f00494195f0debf1516bce8e5629
                                                • Opcode Fuzzy Hash: 2ca83d9b1cdbe93cdecdd597944c8f9d1c37d0c377eb47b4595f887ab32e1b15
                                                • Instruction Fuzzy Hash: C64164B1E016588BEB58CFABD95538EFAF6BFC8304F14C1AAC558A7264EB7405458F40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 38eee4e010e2923a616cfb0f5ee5afcc2efaaeba143f8369a116b5e61827a424
                                                • Instruction ID: 71126a0ca115d1f442188a096b4252d3b36bd0e96382d09cbeb351bc2ea2c8a7
                                                • Opcode Fuzzy Hash: 38eee4e010e2923a616cfb0f5ee5afcc2efaaeba143f8369a116b5e61827a424
                                                • Instruction Fuzzy Hash: EA4166B1E01A588BEB58CFABC95578EFAF3BFC8304F14C16AC548A6264DB7405468F40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2178aa495fadb3aa82ecb49a81cdec2f66a81b4513747788ce1372747bd6af3f
                                                • Instruction ID: 0f85e2e134cdb3620a9c28c87d1c64a884530b6026c1c01d7e47f42a7d9dab75
                                                • Opcode Fuzzy Hash: 2178aa495fadb3aa82ecb49a81cdec2f66a81b4513747788ce1372747bd6af3f
                                                • Instruction Fuzzy Hash: C7211770D0A20CEADB04CFA5D489BEEFAF6AB0A315F105829EC15B3290CA784984DF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3e6f7ba6ad4ad7c80b85ccea6bb9d6545d536f2fcf9a2e12141994596dcb2e4c
                                                • Instruction ID: accf53547ac9ff6f9cb2b530f383e40d0d9e0ec2bb33d788cb31db482f59eeea
                                                • Opcode Fuzzy Hash: 3e6f7ba6ad4ad7c80b85ccea6bb9d6545d536f2fcf9a2e12141994596dcb2e4c
                                                • Instruction Fuzzy Hash: E1212A70C0520CEBDB04CFA5D486BFEFAB6AB0A315F145829EC15F3241CA788988CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.360557553.0000000008080000.00000040.00000001.sdmp, Offset: 08080000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07cea67b6b783f1161985992c32a75cb97abd406eae9c839528a2405f7d96b69
                                                • Instruction ID: 7ed1cb90211fa11c9896c862cc184c1e92d09e1ab702b3a2b067d65ff26ff07b
                                                • Opcode Fuzzy Hash: 07cea67b6b783f1161985992c32a75cb97abd406eae9c839528a2405f7d96b69
                                                • Instruction Fuzzy Hash: 4C211771D05609DFDF48CFAAC9411AEFBF2BF88301F24C66AC818AB295E73456418F44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17a7694039afd141ff5dcb9dbae4cf09d7a9f7662f42e8cb493cdb1e0940e4d4
                                                • Instruction ID: fe611d2e81320a1ff8c8b834936e85d84aafe3f5aa6d59f2c0e20ab507c9bee5
                                                • Opcode Fuzzy Hash: 17a7694039afd141ff5dcb9dbae4cf09d7a9f7662f42e8cb493cdb1e0940e4d4
                                                • Instruction Fuzzy Hash: 2B11E871E05608CFDB18CFAB854129EFBF6ABC9200F14C56AC528AB215EA3456129F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2204bba1a9bf9752142b0c631c7d53f320a12d474bea39f915b8e1ac01ce1f22
                                                • Instruction ID: 19900176cf33393ce8b26f32fbc4da8d97f0f034e8f1a4d23aed25b0c9d1409f
                                                • Opcode Fuzzy Hash: 2204bba1a9bf9752142b0c631c7d53f320a12d474bea39f915b8e1ac01ce1f22
                                                • Instruction Fuzzy Hash: CC1118B1E096498FEB59CFAAD54429EFFF3AFC9200F14C47EC844AA215D63446068F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.359304663.0000000005840000.00000040.00000001.sdmp, Offset: 05840000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a103ea0331d257ba6a6886d2a0ed72779c7ed2048eafbb3a69abf2dc01371073
                                                • Instruction ID: 796bdae0dff24448fa071cc6142ac3591011c9f8fb2a222fc84d8f1b198a5894
                                                • Opcode Fuzzy Hash: a103ea0331d257ba6a6886d2a0ed72779c7ed2048eafbb3a69abf2dc01371073
                                                • Instruction Fuzzy Hash: 26110CB1D05608CBEB58CFA7C54529EFBF7AFC8200F14C52AD918AB214DB3456118F51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.351255622.0000000004BA0000.00000040.00000001.sdmp, Offset: 04BA0000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: 8$ 8$P<$lf+B$9
                                                • API String ID: 0-1892875372
                                                • Opcode ID: d353f05b9f564a763cdd75fc5eabe7f6299873e458a42b67be8bfb2cc54503bd
                                                • Instruction ID: 3c682cd0c65d11fcfc2fc94bc2b8c744040e1e50eaee9b341aa60539afb5290f
                                                • Opcode Fuzzy Hash: d353f05b9f564a763cdd75fc5eabe7f6299873e458a42b67be8bfb2cc54503bd
                                                • Instruction Fuzzy Hash: E7B1C370E0021A9FCB44DFA8D88199EBBF2FF88310F609569E515BB355DB70A946CF90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                Non-executed Functions